Jump to content


Photo

Brand new laptop but very slow and Windows Command Processor malware

Started by XZY5 , Dec 29 2016 05:38 AM

  • This topic is locked This topic is locked
33 replies to this topic

#1 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 29 December 2016 - 05:38 AM

I recently (27th Dec) bought a new laptop (Lenovo IdeaPad 310 i7 64-bit). All I have downloaded on it are the following programmes: 

 

Malwarebytes, Spywareblaster, Superantipspyware, WinPatrol, Filehippo, uTorrent, Advanced uninstaller PRO, Daemon tools, 7zip, iTunes, Java, Skype, VLC media player, and Microsoft office from my university's free subscription service. I have windows defender set to periodic scanning, with real time protection from the McAfee antivirus the laptop came with. I was planning on getting Kaspersky antivirus before disabling McAfee but I started having this problem before I could. 

 

WinPatrol monitors changes programes want to make on my computer, and I get a pop-up asking for permission to let programes start at startup. After I downloaded microsoft office I got a pop asking for permission for Windows Command Processor, which sounded important and I was going to accept the change but I decided to research it a little bit first and found that it is actually type of malware. I rejected the change, but the same pop-up kept coming back and I found during my research that the malware is tricky to uninstall. On top of that several other start-up permission pop ups (Lync browser helper, itunes helper) and add-on permission pop-ups (Onedrive for business and lync click-to-call) keep coming up repeated within minutes of me rejecting them. On top of that, my new laptop is very slow on start-up despite my having disabled the programes I know I don't need running at start-up, and barely having anything in it. It cannot be because the processor is weak (its an i7) or because it doesn't have enough memory (8gb ram with 2tb storage). I checked task manager and found that the CPU usage was at 97% at one point and then dropped to 58% so I wasn't able to check what was eating up so much power. I am not sure exactly what is wrong, and how I got infected in the first place. The laptop is also running slower than expected when operating normally, and a lot of the setting that I have changed haven't actually taken effect even after restarting. If i check my settings they are set to what I changed them to, but in actual use I don't see those changes.  

 

My old laptop is 6 years old and while I am a relatively safe user now, that wasn't really the case when I first got my old laptop. It could be that some form of infection I got in the early days never got cleaned out properly and stayed on. The only thing that I have connected from my old laptop to my new one is the USB mouse that I use instead of the touchpad. However, I am aware that it is possible for infections to go from one device to another if they're connected to the same router. I have 3 laptops, 1 desktop and 5 mobile phones all using the same wifi connection within my household, and I cannot say that all users are safe users within us. I have read the posting guidelines, and gather all the necessary logs from both my new laptop and the old one as I am suspecting there is a high chance that is how my new laptop got infected and I am copying them below. The first set is from my new laptop, and the second set is from my old one (Sony VAIO i3)

 

New laptop:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by rubai (administrator) on LAPTOP-H11LMCGD (28-12-2016 22:08:04)
Running from C:\Users\rubai\Downloads
Loaded Profiles: rubai (Available Profiles: defaultuser0 & rubai)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Innovative Solutions GRUP SRL) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(SweetLabs, Inc) C:\Users\rubai\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-08-27] ()
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [809472 2016-05-16] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830232 2016-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-08] (Conexant Systems, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-249857850-3300716479-2824224529-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-249857850-3300716479-2824224529-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1231240 2016-11-14] (Ruiware)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3c534fd4-232a-4f81-a4ae-106587f717f2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{524bc8a0-db43-47fd-b825-64eaecd18972}: [DhcpNameServer] 150.207.1.2
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-249857850-3300716479-2824224529-1001 -> DefaultScope {2EFAACDB-4865-45C6-849A-0F556923BA18} URL = 
SearchScopes: HKU\S-1-5-21-249857850-3300716479-2824224529-1001 -> {2EFAACDB-4865-45C6-849A-0F556923BA18} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-27] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-27] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-27] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-10-19] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-10-19] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: s2hjnj8d.default
FF ProfilePath: C:\Users\rubai\AppData\Roaming\Mozilla\Firefox\Profiles\s2hjnj8d.default [2016-12-28]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\rubai\AppData\Roaming\Mozilla\Firefox\Profiles\s2hjnj8d.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-12-27]
FF Extension: (uBlock Origin) - C:\Users\rubai\AppData\Roaming\Mozilla\Firefox\Profiles\s2hjnj8d.default\Extensions\uBlock0@raymondhill.net.xpi [2016-12-27]
FF Extension: (Session Manager) - C:\Users\rubai\AppData\Roaming\Mozilla\Firefox\Profiles\s2hjnj8d.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-12-27]
FF Extension: (YouTube High Definition) - C:\Users\rubai\AppData\Roaming\Mozilla\Firefox\Profiles\s2hjnj8d.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-12-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-12-27] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-10-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-27] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-10-19] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Google Slides) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-27]
CHR Extension: (Google Docs) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-27]
CHR Extension: (Google Drive) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-27]
CHR Extension: (YouTube) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-27]
CHR Extension: (Session Buddy) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-12-27]
CHR Extension: (Google Sheets) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-27]
CHR Extension: (Whatsapp Web) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahehbojcacaklcdefjblcpcpammjlj [2016-12-27]
CHR Extension: (Google Docs Offline) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-27]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-27]
CHR Extension: (Speedtest by Ookla) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2016-12-27]
CHR Extension: (Gmail) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 0143641482962494mcinstcleanup; C:\Windows\TEMP\014364~1.EXE [961888 2016-05-16] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-06-29] (Windows ® Win 7 DDK provider)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [666608 2016-03-22] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3019968 2016-12-04] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [457184 2016-09-03] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [146944 2016-05-16] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134888 2016-07-20] (ELAN Microelectronics Corp.)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1210352 2016-03-23] (Lenovo)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [382440 2016-09-03] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62792 2016-12-01] (Lenovo Group Limited)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-10-19] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-27] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-07-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-27] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 SAService; C:\Windows\system32\SAsrv.exe [431960 2015-09-15] (Conexant Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-28] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2400184 2016-06-29] (Qualcomm Atheros, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2016-01-22] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3118848 2016-05-12] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-28 22:08 - 2016-12-28 22:08 - 00023551 _____ C:\Users\rubai\Downloads\FRST.txt
2016-12-28 22:07 - 2016-12-28 22:08 - 00000000 ____D C:\FRST
2016-12-28 21:55 - 2016-12-28 22:07 - 02420736 _____ (Farbar) C:\Users\rubai\Downloads\FRST64.exe
2016-12-28 21:54 - 2016-12-28 22:07 - 00899072 _____ C:\Users\rubai\Downloads\RGSA.exe
2016-12-28 21:40 - 2016-12-28 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-12-28 07:48 - 2016-12-28 07:48 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2016-12-28 07:48 - 2016-12-28 07:48 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
2016-12-28 07:48 - 2016-12-28 07:48 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
2016-12-28 07:48 - 2016-12-28 07:48 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
2016-12-28 07:48 - 2016-12-28 07:48 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
2016-12-28 07:48 - 2016-12-27 16:53 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Host App Service
2016-12-28 07:48 - 2016-12-27 16:48 - 00000000 ____D C:\Users\defaultuser0
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Default\My Documents
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-12-28 07:46 - 2016-12-28 07:46 - 00000000 _SHDL C:\Documents and Settings
2016-12-28 00:47 - 2016-12-28 00:47 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-28 00:27 - 2016-12-28 00:27 - 02365296 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll
2016-12-27 23:52 - 2016-12-27 23:52 - 00002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-12-27 23:52 - 2016-12-27 23:52 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-12-27 23:48 - 2016-12-27 23:48 - 03907376 _____ (Microsoft Corporation) C:\Users\rubai\Downloads\Setup.X86.en-us_O365ProPlusRetail_009121f5-1790-439a-bb30-497507999e9b_TX_PR_b_32_.exe
2016-12-27 23:38 - 2016-12-27 23:38 - 01512368 _____ (Ruiware) C:\Users\rubai\Downloads\wpsetup (1).exe
2016-12-27 23:36 - 2016-12-28 22:01 - 00004208 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-12-27 23:36 - 2016-12-28 22:01 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-12-27 22:37 - 2016-12-27 22:37 - 00000000 ____D C:\Users\rubai\Downloads\Install JDownloader
2016-12-27 22:36 - 2016-12-27 22:36 - 01381582 _____ (Igor Pavlov) C:\Users\rubai\Downloads\7z1604-x64.exe
2016-12-27 22:36 - 2016-12-27 22:36 - 00248946 _____ C:\Users\rubai\Downloads\Install JDownloader.rar
2016-12-27 22:36 - 2016-12-27 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-12-27 22:36 - 2016-12-27 22:36 - 00000000 ____D C:\Program Files\7-Zip
2016-12-27 22:29 - 2016-12-27 22:29 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-27 22:09 - 2016-12-27 22:32 - 00000000 ____D C:\Users\rubai\AppData\Roaming\WinPatrol
2016-12-27 22:08 - 2016-12-27 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-27 22:08 - 2016-12-27 22:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-12-27 22:05 - 2016-12-27 22:05 - 00001821 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-12-27 22:05 - 2016-12-27 22:05 - 00000000 ____D C:\Users\rubai\AppData\Roaming\DAEMON Tools Lite
2016-12-27 22:05 - 2016-12-27 22:05 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-12-27 22:05 - 2016-12-27 22:05 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-12-27 22:03 - 2016-12-27 22:03 - 00692488 _____ (Disc Soft Ltd.) C:\Users\rubai\Downloads\DTLiteInstaller.exe
2016-12-27 21:58 - 2016-12-27 22:07 - 30533688 _____ C:\Users\rubai\Downloads\vlc-2.2.4-win32.exe
2016-12-27 21:57 - 2016-12-27 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-12-27 21:57 - 2016-12-27 23:38 - 00000000 ____D C:\ProgramData\InstallMate
2016-12-27 21:57 - 2016-12-27 21:57 - 00000000 ____D C:\Program Files (x86)\Ruiware
2016-12-27 21:56 - 2016-12-27 21:57 - 01512368 _____ (Ruiware) C:\Users\rubai\Downloads\wpsetup.exe
2016-12-27 21:44 - 2016-12-27 21:46 - 00000000 ____D C:\Users\rubai\AppData\Roaming\Apple Computer
2016-12-27 21:44 - 2016-12-27 21:44 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-27 21:44 - 2016-12-27 21:44 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-12-27 21:44 - 2016-12-27 21:44 - 00000000 ____D C:\Users\rubai\AppData\Local\Apple Computer
2016-12-27 21:44 - 2016-12-27 21:44 - 00000000 ____D C:\Users\rubai\AppData\Local\Apple
2016-12-27 21:44 - 2016-12-27 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-27 21:44 - 2016-12-27 21:44 - 00000000 ____D C:\ProgramData\Apple Computer
2016-12-27 21:44 - 2016-12-27 21:44 - 00000000 ____D C:\Program Files\iTunes
2016-12-27 21:44 - 2016-12-27 21:44 - 00000000 ____D C:\Program Files\iPod
2016-12-27 21:44 - 2016-12-27 21:44 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-27 21:43 - 2016-12-27 21:44 - 00000000 ____D C:\ProgramData\Apple
2016-12-27 21:43 - 2016-12-27 21:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-27 21:43 - 2016-12-27 21:43 - 00000000 ____D C:\Program Files\Bonjour
2016-12-27 21:43 - 2016-12-27 21:43 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-27 21:42 - 2016-12-27 21:42 - 00000000 ____D C:\Users\rubai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-12-27 21:33 - 2016-12-27 21:42 - 177044296 _____ (Apple Inc.) C:\Users\rubai\Downloads\iTunes6464Setup.exe
2016-12-27 21:31 - 2016-12-27 21:31 - 00000000 ____D C:\Users\rubai\Documents\My Filehippo Downloads
2016-12-27 21:30 - 2016-12-27 21:30 - 00000000 ___HD C:\OneDriveTemp
2016-12-27 21:23 - 2016-12-27 21:23 - 00000000 ____D C:\Users\rubai\AppData\Roaming\Innovative Solutions
2016-12-27 21:22 - 2016-12-27 21:22 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-12-27 21:22 - 2016-12-27 21:22 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-27 21:22 - 2016-12-27 21:22 - 00000000 ____D C:\Users\rubai\AppData\LocalLow\uTorrent
2016-12-27 21:22 - 2016-12-27 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-27 21:22 - 2016-12-27 21:22 - 00000000 ____D C:\Program Files\CCleaner
2016-12-27 21:21 - 2016-12-27 21:21 - 00002691 _____ C:\Users\rubai\Desktop\µTorrent.lnk
2016-12-27 21:19 - 2016-12-27 21:25 - 00000000 ____D C:\Users\rubai\AppData\Roaming\uTorrent
2016-12-27 21:19 - 2016-12-27 21:22 - 08803648 _____ (Piriform Ltd) C:\Users\rubai\Downloads\ccsetup525.exe
2016-12-27 21:19 - 2016-12-27 21:19 - 02237120 _____ (BitTorrent Inc.) C:\Users\rubai\Downloads\uTorrent.exe
2016-12-27 21:13 - 2016-12-06 15:17 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-12-27 21:13 - 2016-12-06 15:16 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-12-27 21:13 - 2016-12-06 15:16 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-12-27 21:13 - 2016-09-07 08:51 - 00040664 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-12-27 21:10 - 2016-12-27 21:26 - 00000376 _____ C:\Windows\Tasks\Health-Check-deep.job
2016-12-27 21:10 - 2016-12-27 21:26 - 00000368 _____ C:\Windows\Tasks\Health-Check.job
2016-12-27 21:10 - 2016-12-27 21:24 - 00004114 _____ C:\Windows\System32\Tasks\AupAvUpdate
2016-12-27 21:10 - 2016-12-27 21:24 - 00003828 _____ C:\Windows\System32\Tasks\UninstallMonitor
2016-12-27 21:10 - 2016-12-27 21:24 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2016-12-27 21:10 - 2016-12-27 21:13 - 00000000 ____D C:\Users\rubai\AppData\Local\Innovative Solutions
2016-12-27 21:10 - 2016-12-27 21:13 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-12-27 21:10 - 2016-12-27 21:10 - 00003002 _____ C:\Windows\System32\Tasks\Health-Check-deep
2016-12-27 21:10 - 2016-12-27 21:10 - 00002984 _____ C:\Windows\System32\Tasks\Health-Check
2016-12-27 21:10 - 2016-12-27 21:10 - 00001721 _____ C:\Users\rubai\Desktop\Advanced Uninstaller PRO 12.lnk
2016-12-27 21:10 - 2016-12-27 21:10 - 00001605 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2016-12-27 21:10 - 2016-12-27 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-12-27 21:06 - 2016-12-27 21:06 - 10388528 _____ (Innovative Solutions ) C:\Users\rubai\Downloads\Advanced_Uninstaller12.exe
2016-12-27 21:04 - 2016-12-27 21:04 - 00000000 ____D C:\Users\rubai\AppData\Roaming\Oracle
2016-12-27 21:00 - 2016-12-27 21:00 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-12-27 21:00 - 2016-12-27 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-27 21:00 - 2016-12-27 21:00 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-27 20:28 - 2016-12-27 20:59 - 00737344 _____ (Oracle Corporation) C:\Users\rubai\Downloads\JavaSetup8u111.exe
2016-12-27 20:16 - 2016-12-28 00:26 - 00000000 ____D C:\Users\rubai\AppData\LocalLow\Mozilla
2016-12-27 20:16 - 2016-12-27 20:22 - 00000000 ____D C:\Users\rubai\AppData\Local\Mozilla
2016-12-27 20:16 - 2016-12-27 20:16 - 00001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-27 20:16 - 2016-12-27 20:16 - 00001223 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-27 20:16 - 2016-12-27 20:16 - 00000000 ____D C:\Users\rubai\AppData\Roaming\Mozilla
2016-12-27 20:16 - 2016-12-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-27 20:16 - 2016-12-27 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-27 20:14 - 2016-12-27 21:01 - 00000000 ____D C:\ProgramData\Oracle
2016-12-27 20:14 - 2016-12-27 20:15 - 00243552 _____ C:\Users\rubai\Downloads\Firefox Setup Stub 50.1.0.exe
2016-12-27 20:14 - 2016-12-27 20:14 - 00000000 ____D C:\Users\rubai\AppData\Roaming\Sun
2016-12-27 20:14 - 2016-12-27 20:14 - 00000000 ____D C:\Users\rubai\AppData\LocalLow\Sun
2016-12-27 20:11 - 2016-12-27 20:13 - 63235648 _____ (Oracle Corporation) C:\Users\rubai\Downloads\jre-8u111-windows-x64.exe
2016-12-27 20:06 - 2016-12-28 00:26 - 00000000 ____D C:\Users\rubai\AppData\Roaming\Skype
2016-12-27 20:06 - 2016-12-27 20:06 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-12-27 20:06 - 2016-12-27 20:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-27 20:06 - 2016-12-27 20:06 - 00000000 ____D C:\Users\rubai\Tracing
2016-12-27 20:06 - 2016-12-27 20:06 - 00000000 ____D C:\ProgramData\Skype
2016-12-27 20:06 - 2016-12-27 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-12-27 20:05 - 2016-12-27 20:05 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2016-12-27 20:04 - 2016-12-27 20:06 - 43878872 _____ (Skype Technologies S.A.) C:\Users\rubai\Downloads\SkypeSetupFull.exe
2016-12-27 20:03 - 2016-12-27 20:04 - 02190552 _____ C:\Users\rubai\Downloads\appmanagersetup_2.0_b4_292.exe
2016-12-27 20:03 - 2016-12-27 20:03 - 00001856 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-12-27 20:03 - 2016-12-27 20:03 - 00000000 ____D C:\Users\rubai\AppData\Roaming\SUPERAntiSpyware.com
2016-12-27 20:03 - 2016-12-27 20:03 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-27 20:03 - 2016-12-27 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-12-27 20:03 - 2016-12-27 20:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-27 20:01 - 2016-12-27 20:02 - 28761688 _____ (SUPERAntiSpyware) C:\Users\rubai\Downloads\SUPERAntiSpyware.exe
2016-12-27 20:00 - 2016-12-27 22:29 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-12-27 20:00 - 2016-12-27 20:00 - 00001155 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2016-12-27 20:00 - 2016-12-27 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-12-27 20:00 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2016-12-27 20:00 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2016-12-27 19:59 - 2016-12-27 20:00 - 04291320 _____ (BrightFort LLC ) C:\Users\rubai\Downloads\spywareblastersetup55.exe
2016-12-27 19:58 - 2016-12-28 00:48 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 19:58 - 2016-12-27 21:28 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-27 19:58 - 2016-12-27 21:28 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-27 19:58 - 2016-12-27 21:28 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-27 19:58 - 2016-12-27 19:58 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-27 19:58 - 2016-12-27 19:58 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-27 19:58 - 2016-12-27 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 19:58 - 2016-12-27 19:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 19:58 - 2016-12-27 19:58 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 19:58 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-27 19:56 - 2016-12-27 19:57 - 54199488 _____ (Malwarebytes ) C:\Users\rubai\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-27 19:22 - 2016-07-15 19:29 - 07702016 _____ (Microsoft Corporation) C:\Windows\system32\NL7Models0011.dll
2016-12-27 19:22 - 2016-07-15 19:29 - 02454528 _____ (Microsoft Corporation) C:\Windows\system32\NL7Lexicons0011.dll
2016-12-27 19:22 - 2016-07-15 19:25 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\MSWB70011.dll
2016-12-27 19:22 - 2016-07-15 19:24 - 07417344 _____ (Microsoft Corporation) C:\Windows\system32\NL7Data0011.dll
2016-12-27 19:22 - 2016-07-15 18:40 - 07253504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NL7Data0011.dll
2016-12-27 19:22 - 2016-07-15 18:40 - 00526848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWB70011.dll
2016-12-27 19:22 - 2016-05-25 14:39 - 00002060 _____ C:\Windows\system32\noise.jpn
2016-12-27 19:22 - 2016-05-25 11:10 - 00002060 _____ C:\Windows\SysWOW64\noise.jpn
2016-12-27 19:20 - 2016-07-15 19:29 - 01794048 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0045.dll
2016-12-27 19:20 - 2016-07-15 19:26 - 03054080 _____ (Microsoft Corporation) C:\Windows\system32\MLS1.dll
2016-12-27 19:20 - 2016-07-15 19:26 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0045.dll
2016-12-27 19:20 - 2016-07-15 18:45 - 01794048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0045.dll
2016-12-27 19:20 - 2016-07-15 18:43 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData0045.dll
2016-12-27 19:20 - 2016-07-15 18:39 - 03004416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS1.dll
2016-12-27 19:05 - 2016-12-27 17:14 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-12-27 18:42 - 2016-12-27 18:42 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-27 18:42 - 2016-12-27 18:42 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-27 18:31 - 2016-12-27 18:34 - 00000000 ____D C:\Windows\system32\MRT
2016-12-27 18:31 - 2016-12-27 18:31 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-27 18:26 - 2016-12-09 10:32 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-27 18:26 - 2016-12-09 10:29 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2016-12-27 18:26 - 2016-12-09 10:19 - 01293152 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-12-27 18:26 - 2016-12-09 10:18 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2016-12-27 18:26 - 2016-12-09 10:18 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2016-12-27 18:26 - 2016-12-09 10:18 - 00947552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2016-12-27 18:26 - 2016-12-09 10:18 - 00811872 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2016-12-27 18:26 - 2016-12-09 10:15 - 08168000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-12-27 18:26 - 2016-12-09 10:15 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-12-27 18:26 - 2016-12-09 10:14 - 01274712 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-12-27 18:26 - 2016-12-09 10:01 - 02323728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-12-27 18:26 - 2016-12-09 10:01 - 01503544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-12-27 18:26 - 2016-12-09 09:57 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-12-27 18:26 - 2016-12-09 09:52 - 01435896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-27 18:26 - 2016-12-09 09:51 - 00117240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-27 18:26 - 2016-12-09 09:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WordBreakers.dll
2016-12-27 18:26 - 2016-12-09 09:38 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-27 18:26 - 2016-12-09 09:37 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\facecredentialprovider.dll
2016-12-27 18:26 - 2016-12-09 09:36 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-12-27 18:26 - 2016-12-09 09:36 - 03059200 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-27 18:26 - 2016-12-09 09:36 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2016-12-27 18:26 - 2016-12-09 09:36 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-12-27 18:26 - 2016-12-09 09:33 - 03777536 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-12-27 18:26 - 2016-12-09 09:33 - 01589760 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2016-12-27 18:26 - 2016-12-09 09:31 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-12-27 18:26 - 2016-12-09 09:30 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-12-27 18:26 - 2016-12-09 09:28 - 03306496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-12-27 18:26 - 2016-12-09 09:27 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-27 18:26 - 2016-12-09 09:26 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2016-12-27 18:26 - 2016-12-09 09:24 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-12-27 18:26 - 2016-12-09 09:22 - 02820096 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-12-27 18:26 - 2016-12-09 09:22 - 02688512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-12-27 18:26 - 2016-12-09 09:19 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-12-27 18:26 - 2016-12-09 09:19 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-12-27 18:26 - 2016-12-09 09:18 - 02138112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-12-27 18:26 - 2016-12-09 09:16 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-12-27 18:26 - 2016-12-09 09:15 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-27 18:26 - 2016-12-09 09:15 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-12-27 18:26 - 2016-12-09 09:15 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditBufferTestHook.dll
2016-12-27 18:26 - 2016-11-11 10:15 - 00101216 _____ (Microsoft Corporation) C:\Windows\system32\DeviceReactivation.dll
2016-12-27 18:26 - 2016-11-11 10:14 - 00603488 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2016-12-27 18:26 - 2016-11-11 10:13 - 00352096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2016-12-27 18:26 - 2016-11-11 10:03 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2016-12-27 18:26 - 2016-11-11 10:02 - 00360040 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-12-27 18:26 - 2016-11-11 10:01 - 01859264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-12-27 18:26 - 2016-11-11 10:00 - 00219488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-12-27 18:26 - 2016-11-11 09:57 - 04130432 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-12-27 18:26 - 2016-11-11 09:57 - 01473048 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-12-27 18:26 - 2016-11-11 09:56 - 01062480 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-12-27 18:26 - 2016-11-11 09:56 - 00187520 _____ (Microsoft Corporation) C:\Windows\system32\CloudStorageWizard.exe
2016-12-27 18:26 - 2016-11-11 09:56 - 00126568 _____ (Microsoft Corporation) C:\Windows\system32\mfaudiocnv.dll
2016-12-27 18:26 - 2016-11-11 09:55 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-12-27 18:26 - 2016-11-11 09:55 - 00882680 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2016-12-27 18:26 - 2016-11-11 09:55 - 00743224 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-12-27 18:26 - 2016-11-11 09:51 - 00454592 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-12-27 18:26 - 2016-11-11 09:28 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\CbtBackgroundManagerPolicy.dll
2016-12-27 18:26 - 2016-11-11 09:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe
2016-12-27 18:26 - 2016-11-11 09:25 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-12-27 18:26 - 2016-11-11 09:25 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-12-27 18:26 - 2016-11-11 09:24 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-12-27 18:26 - 2016-11-11 09:24 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-12-27 18:26 - 2016-11-11 09:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2016-12-27 18:26 - 2016-11-11 09:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-12-27 18:26 - 2016-11-11 09:22 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-12-27 18:26 - 2016-11-11 09:21 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-12-27 18:26 - 2016-11-11 09:20 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2016-12-27 18:26 - 2016-11-11 09:20 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2016-12-27 18:26 - 2016-11-11 09:19 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2016-12-27 18:26 - 2016-11-11 09:16 - 01477632 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2016-12-27 18:26 - 2016-11-11 09:16 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2016-12-27 18:26 - 2016-11-11 09:14 - 02104320 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2016-12-27 18:26 - 2016-11-11 09:14 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-12-27 18:26 - 2016-11-11 09:13 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-12-27 18:26 - 2016-11-11 09:12 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2016-12-27 18:26 - 2016-11-11 09:11 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2016-12-27 18:26 - 2016-11-11 09:08 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2016-12-27 18:26 - 2016-11-11 09:07 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2016-12-27 18:26 - 2016-11-11 09:05 - 04136448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-12-27 18:26 - 2016-11-11 09:05 - 02852864 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-27 18:26 - 2016-11-11 09:05 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-12-27 18:26 - 2016-11-11 09:04 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-12-27 18:26 - 2016-11-11 09:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-12-27 18:26 - 2016-11-11 09:03 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-12-27 18:26 - 2016-11-11 09:02 - 03542016 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-12-27 18:26 - 2016-11-11 09:02 - 01726976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-12-27 18:26 - 2016-11-11 08:01 - 00167848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-12-27 18:26 - 2016-11-11 07:54 - 00122208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2016-12-27 18:26 - 2016-11-11 07:49 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-27 18:26 - 2016-11-11 07:48 - 02277248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-12-27 18:26 - 2016-11-11 07:47 - 05722832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-12-27 18:26 - 2016-11-11 07:47 - 00527880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-12-27 18:26 - 2016-11-11 07:42 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-12-27 18:26 - 2016-11-11 07:42 - 01123912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-12-27 18:26 - 2016-11-11 07:42 - 00952416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-12-27 18:26 - 2016-11-11 07:42 - 00091936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfaudiocnv.dll
2016-12-27 18:26 - 2016-11-11 07:41 - 04311736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-12-27 18:26 - 2016-11-11 07:41 - 00157536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudStorageWizard.exe
2016-12-27 18:26 - 2016-11-11 07:38 - 01263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-12-27 18:26 - 2016-11-11 07:25 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-12-27 18:26 - 2016-11-11 07:25 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-12-27 18:26 - 2016-11-11 07:23 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-27 18:26 - 2016-11-11 07:22 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2016-12-27 18:26 - 2016-11-11 07:21 - 00332288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-12-27 18:26 - 2016-11-11 07:19 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2016-12-27 18:26 - 2016-11-11 07:18 - 02333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-12-27 18:26 - 2016-11-11 07:17 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-12-27 18:26 - 2016-11-11 07:15 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-12-27 18:26 - 2016-11-11 07:15 - 01357824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-12-27 18:26 - 2016-11-11 07:15 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-12-27 18:26 - 2016-11-11 07:15 - 00348672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2016-12-27 18:26 - 2016-11-11 07:10 - 06109184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-12-27 18:26 - 2016-11-11 07:10 - 00746496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2016-12-27 18:26 - 2016-11-11 07:09 - 05380608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-12-27 18:26 - 2016-11-11 07:09 - 00545280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2016-12-27 18:26 - 2016-11-11 07:08 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
2016-12-27 18:26 - 2016-11-11 07:06 - 02362880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2016-12-27 18:26 - 2016-11-11 07:06 - 02109952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2016-12-27 18:26 - 2016-11-11 07:06 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2016-12-27 18:26 - 2016-11-11 07:05 - 04423680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-12-27 18:26 - 2016-11-11 07:05 - 03370496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-12-27 18:26 - 2016-11-11 07:04 - 01992704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-12-27 18:26 - 2016-11-11 07:04 - 00912896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2016-12-27 18:26 - 2016-11-11 07:04 - 00715264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-12-27 18:26 - 2016-11-11 07:03 - 02484736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2016-12-27 18:26 - 2016-11-11 07:03 - 01556480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-12-27 18:26 - 2016-11-11 07:03 - 00760832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-12-27 18:26 - 2016-11-11 07:02 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2016-12-27 18:26 - 2016-11-02 12:01 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-12-27 18:26 - 2016-11-02 11:22 - 00601712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-12-27 18:26 - 2016-11-02 11:09 - 02257104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-27 18:26 - 2016-11-02 11:05 - 00405856 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-27 18:26 - 2016-11-02 11:03 - 00714592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-12-27 18:26 - 2016-11-02 11:01 - 00545936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-12-27 18:26 - 2016-11-02 10:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsensorgroup.dll
2016-12-27 18:26 - 2016-11-02 10:43 - 00198144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
2016-12-27 18:26 - 2016-11-02 10:42 - 00632832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2016-12-27 18:26 - 20

#2 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 29 December 2016 - 05:57 AM

Scan logs from my old laptop (Sony VAIO i3) 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by upoma-efti (administrator) on UPOMA-EFTI-PC (28-12-2016 22:27:59)
Running from C:\Users\upoma-efti\Downloads
Loaded Profiles: upoma-efti (Available Profiles: upoma-efti & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\upoma-efti\AppData\Roaming\uTorrent\uTorrent.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BitTorrent Inc.) C:\Users\upoma-efti\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(BitTorrent Inc.) C:\Users\upoma-efti\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [uTorrent] => C:\Users\upoma-efti\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-19] (BitTorrent Inc.)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-07-27] (Ruiware)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\MountPoints2: {4e205d96-826d-11e6-991d-0024bec07c8b} - "E:\startme.exe" 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2686c023-5fe9-45d6-bc9d-dd5da652213e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{48ad0809-ef32-4f29-afdd-71e1660bdca9}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKU\S-1-5-21-1687197661-551072276-2564851244-1000 -> {0B69DF57-5D50-42C1-ACDB-0FEEAF5A8A0B} URL = 
SearchScopes: HKU\S-1-5-21-1687197661-551072276-2564851244-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-11-06] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-06] (Oracle Corporation)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\upoma-efti\AppData\Roaming\Mozilla\Firefox\Profiles\bwhtxa25.default-1482336262565 [2016-12-26]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-22] ()
FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default [2016-12-28]
CHR Extension: (Google Docs) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Session Buddy) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (WhatsApp™ Messenger) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\infelompnbbancffeibkenmdbbmpoged [2016-11-22]
CHR Extension: (LINE) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-12-02]
CHR Extension: (Office Online) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKU\S-1-5-21-1687197661-551072276-2564851244-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-09] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-04-18] (Fork, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
R2 IntelHaxm; C:\WINDOWS\System32\DRIVERS\IntelHaxm.sys [91392 2014-03-14] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78200 2015-12-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [237912 2016-12-02] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-12-03] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [992600 2016-08-23] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-08-23] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [110424 2016-08-23] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194440 2015-12-02] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2016-07-16] (Marvell)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-28 22:27 - 2016-12-28 22:30 - 00022421 _____ C:\Users\upoma-efti\Downloads\FRST.txt
2016-12-28 22:27 - 2016-12-28 22:27 - 00899072 _____ C:\Users\upoma-efti\Downloads\RGSA.exe
2016-12-28 22:27 - 2016-12-28 22:27 - 00000000 ____D C:\FRST
2016-12-28 22:24 - 2016-12-28 22:27 - 02420736 _____ (Farbar) C:\Users\upoma-efti\Downloads\FRST64.exe
2016-12-27 18:37 - 2016-12-27 23:07 - 00000000 ____D C:\Users\upoma-efti\Desktop\To new laptop
2016-12-23 21:06 - 2016-12-26 21:26 - 00000000 ____D C:\Users\upoma-efti\AppData\LocalLow\Mozilla
2016-12-22 00:46 - 2016-12-22 00:46 - 20364888 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-12-21 23:45 - 2016-12-21 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-21 16:52 - 2016-12-24 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-19 19:49 - 2016-12-27 15:34 - 00000000 ____D C:\Users\upoma-efti\AppData\LocalLow\uTorrent
2016-12-17 17:57 - 2016-12-11 23:56 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-17 17:57 - 2016-12-11 23:56 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 21:23 - 2016-12-09 10:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:23 - 2016-12-09 09:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 21:22 - 2016-12-09 10:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 21:22 - 2016-12-09 10:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 21:22 - 2016-12-09 10:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 21:22 - 2016-12-09 10:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 21:22 - 2016-12-09 10:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 21:22 - 2016-12-09 10:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 21:22 - 2016-12-09 10:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 21:22 - 2016-12-09 10:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 21:22 - 2016-12-09 10:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 21:22 - 2016-12-09 10:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 21:22 - 2016-12-09 10:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 21:22 - 2016-12-09 09:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 21:22 - 2016-12-09 09:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 21:22 - 2016-12-09 09:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 21:22 - 2016-12-09 09:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 21:22 - 2016-12-09 09:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 21:22 - 2016-12-09 09:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:22 - 2016-12-09 09:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 21:22 - 2016-12-09 09:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 21:22 - 2016-12-09 09:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 21:22 - 2016-12-09 09:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 21:22 - 2016-12-09 09:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 21:22 - 2016-12-09 09:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 21:22 - 2016-12-09 09:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 21:22 - 2016-12-09 09:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 21:22 - 2016-12-09 09:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 21:22 - 2016-12-09 09:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 21:22 - 2016-12-09 09:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 21:22 - 2016-12-09 09:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 21:22 - 2016-12-09 09:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 21:22 - 2016-12-09 09:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 21:22 - 2016-12-09 09:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 21:22 - 2016-12-09 09:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 21:22 - 2016-12-09 09:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 21:22 - 2016-12-09 09:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 21:22 - 2016-12-09 09:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 21:22 - 2016-12-09 09:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 21:21 - 2016-12-09 10:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 21:21 - 2016-12-09 10:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 21:21 - 2016-12-09 10:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 21:21 - 2016-12-09 10:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 21:21 - 2016-12-09 10:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 21:21 - 2016-12-09 10:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 21:21 - 2016-12-09 10:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 21:21 - 2016-12-09 10:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 21:21 - 2016-12-09 10:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 21:21 - 2016-12-09 10:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 21:21 - 2016-12-09 10:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 21:21 - 2016-12-09 10:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 21:21 - 2016-12-09 10:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 21:21 - 2016-12-09 10:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 21:21 - 2016-12-09 10:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 21:21 - 2016-12-09 10:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 21:21 - 2016-12-09 10:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 21:21 - 2016-12-09 10:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 21:21 - 2016-12-09 10:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 21:21 - 2016-12-09 09:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 21:21 - 2016-12-09 09:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 21:21 - 2016-12-09 09:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:21 - 2016-12-09 09:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 21:21 - 2016-12-09 09:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 21:21 - 2016-12-09 09:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 21:21 - 2016-12-09 09:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 21:21 - 2016-12-09 09:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 21:21 - 2016-12-09 09:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 21:21 - 2016-12-09 09:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 21:21 - 2016-12-09 09:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 21:21 - 2016-12-09 09:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 21:21 - 2016-12-09 09:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 21:21 - 2016-12-09 09:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 21:21 - 2016-12-09 09:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 21:21 - 2016-12-09 09:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 21:21 - 2016-12-09 09:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 21:21 - 2016-12-09 09:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 21:21 - 2016-12-09 09:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 21:21 - 2016-12-09 09:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 21:21 - 2016-12-09 09:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 21:21 - 2016-12-09 09:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 21:21 - 2016-12-09 09:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 21:21 - 2016-12-09 09:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 21:21 - 2016-12-09 09:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 21:21 - 2016-12-09 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 21:21 - 2016-12-09 09:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 21:21 - 2016-12-09 09:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 21:21 - 2016-12-09 09:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 21:21 - 2016-12-09 09:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 21:21 - 2016-12-09 09:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 21:21 - 2016-12-09 09:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 21:21 - 2016-12-09 08:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 21:20 - 2016-12-09 10:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 21:20 - 2016-12-09 10:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 21:20 - 2016-12-09 10:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 21:20 - 2016-12-09 10:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 21:20 - 2016-12-09 10:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 21:20 - 2016-12-09 10:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 21:20 - 2016-12-09 09:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 21:20 - 2016-12-09 09:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 21:20 - 2016-12-09 09:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 21:20 - 2016-12-09 09:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:20 - 2016-12-09 09:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 21:20 - 2016-12-09 09:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 21:20 - 2016-12-09 09:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 21:20 - 2016-12-09 09:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 21:20 - 2016-12-09 09:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 21:20 - 2016-12-09 09:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 21:20 - 2016-12-09 09:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-09 21:19 - 2016-11-11 09:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 21:19 - 2016-11-11 09:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 21:18 - 2016-11-11 10:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 21:18 - 2016-11-11 10:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 21:18 - 2016-11-11 10:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 21:18 - 2016-11-11 10:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 21:18 - 2016-11-11 10:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 21:18 - 2016-11-11 10:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 21:18 - 2016-11-11 10:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 21:18 - 2016-11-11 10:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 21:18 - 2016-11-11 09:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 21:18 - 2016-11-11 09:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 21:18 - 2016-11-11 09:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 21:18 - 2016-11-11 09:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 21:18 - 2016-11-11 09:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 21:18 - 2016-11-11 09:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 21:18 - 2016-11-11 09:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 21:18 - 2016-11-11 09:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 21:18 - 2016-11-11 09:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 21:18 - 2016-11-11 09:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 21:18 - 2016-11-11 09:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 21:18 - 2016-11-11 09:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 21:18 - 2016-11-11 09:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 21:18 - 2016-11-11 09:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 21:18 - 2016-11-11 09:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 21:18 - 2016-11-11 09:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 21:18 - 2016-11-11 09:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 21:18 - 2016-11-11 09:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 21:18 - 2016-11-11 09:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 21:18 - 2016-11-11 07:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 21:18 - 2016-11-11 07:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 21:18 - 2016-11-11 07:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 21:18 - 2016-11-11 07:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 21:18 - 2016-11-11 07:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 21:18 - 2016-11-11 07:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 21:18 - 2016-11-11 07:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 21:18 - 2016-11-11 07:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 21:18 - 2016-11-11 07:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 21:18 - 2016-11-11 07:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 21:18 - 2016-11-11 07:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 21:18 - 2016-11-11 07:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 21:18 - 2016-11-11 07:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 21:18 - 2016-11-11 07:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 21:18 - 2016-11-11 07:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 21:18 - 2016-11-11 07:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 21:18 - 2016-11-11 07:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 21:18 - 2016-11-11 07:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 21:18 - 2016-11-11 07:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 21:18 - 2016-11-11 07:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 21:18 - 2016-11-11 07:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 21:18 - 2016-11-11 07:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 21:18 - 2016-11-11 07:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 21:18 - 2016-11-11 07:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 21:18 - 2016-11-11 07:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 21:18 - 2016-11-11 07:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 21:18 - 2016-11-11 07:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 21:17 - 2016-11-11 10:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 21:17 - 2016-11-11 10:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 21:17 - 2016-11-11 09:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 21:17 - 2016-11-11 09:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 21:17 - 2016-11-11 09:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 21:17 - 2016-11-11 09:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 21:17 - 2016-11-11 09:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 21:17 - 2016-11-11 09:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 21:17 - 2016-11-11 09:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 21:17 - 2016-11-11 09:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 21:17 - 2016-11-11 09:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 21:17 - 2016-11-11 09:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 21:17 - 2016-11-11 09:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 21:17 - 2016-11-11 09:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 21:17 - 2016-11-11 09:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 21:17 - 2016-11-11 09:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 21:17 - 2016-11-11 09:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 21:17 - 2016-11-11 09:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 21:17 - 2016-11-11 09:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 21:17 - 2016-11-11 07:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 21:17 - 2016-11-11 07:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 21:17 - 2016-11-11 07:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 21:17 - 2016-11-11 07:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 21:17 - 2016-11-11 07:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 21:17 - 2016-11-11 07:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 21:16 - 2016-11-11 10:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 21:16 - 2016-11-11 09:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 21:16 - 2016-11-11 09:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 21:16 - 2016-11-11 09:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 21:16 - 2016-11-11 09:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 21:16 - 2016-11-11 09:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 21:16 - 2016-11-11 09:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 21:16 - 2016-11-11 09:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 21:16 - 2016-11-11 07:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 21:16 - 2016-11-11 07:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 21:15 - 2016-11-11 10:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 21:15 - 2016-11-11 09:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 21:15 - 2016-11-11 09:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 21:15 - 2016-11-11 09:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 21:15 - 2016-11-11 09:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 21:15 - 2016-11-11 08:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 21:15 - 2016-11-11 07:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 21:14 - 2016-11-11 10:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 21:14 - 2016-11-11 10:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 21:14 - 2016-11-11 09:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 21:14 - 2016-11-11 09:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 21:14 - 2016-11-11 09:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 21:14 - 2016-11-11 09:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 21:14 - 2016-11-11 09:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 21:14 - 2016-11-11 09:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 21:14 - 2016-11-11 09:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 21:14 - 2016-11-11 09:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 21:14 - 2016-11-11 09:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 21:14 - 2016-11-11 09:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 21:14 - 2016-11-11 09:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 21:14 - 2016-11-11 09:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 21:14 - 2016-11-11 07:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 21:14 - 2016-11-11 07:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 21:14 - 2016-11-11 07:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 21:14 - 2016-11-11 07:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 21:14 - 2016-11-11 07:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 21:14 - 2016-11-11 07:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 21:14 - 2016-11-11 07:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 21:14 - 2016-11-11 07:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 21:13 - 2016-11-11 09:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 21:13 - 2016-11-11 07:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 21:13 - 2016-11-11 07:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 21:12 - 2016-11-11 10:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 21:12 - 2016-11-11 09:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 21:12 - 2016-11-11 09:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 21:12 - 2016-11-11 09:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 21:12 - 2016-11-11 09:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 21:12 - 2016-11-11 09:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 21:12 - 2016-11-11 09:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 21:12 - 2016-11-11 09:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 21:12 - 2016-11-11 09:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 21:12 - 2016-11-11 09:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 21:12 - 2016-11-11 09:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 21:12 - 2016-11-11 09:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 21:12 - 2016-11-11 09:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 21:12 - 2016-11-11 09:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 21:12 - 2016-11-11 07:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 21:12 - 2016-11-11 07:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 21:12 - 2016-11-11 07:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 21:12 - 2016-11-11 07:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 21:12 - 2016-11-11 07:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 21:12 - 2016-11-11 07:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-09 21:11 - 2016-11-11 10:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 21:11 - 2016-11-11 10:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 21:11 - 2016-11-11 10:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 21:11 - 2016-11-11 09:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 21:11 - 2016-11-11 09:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 21:11 - 2016-11-11 09:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 21:11 - 2016-11-11 09:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 21:11 - 2016-11-11 09:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 21:11 - 2016-11-11 09:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 21:11 - 2016-11-11 09:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 21:11 - 2016-11-11 09:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 21:11 - 2016-11-11 09:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 21:11 - 2016-11-11 09:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 21:11 - 2016-11-11 08:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 21:11 - 2016-11-11 07:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 21:11 - 2016-11-11 07:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 21:11 - 2016-11-11 07:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 21:11 - 2016-11-11 07:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 21:11 - 2016-11-11 07:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 21:11 - 2016-11-11 07:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 21:11 - 2016-11-11 07:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 21:11 - 2016-11-11 07:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 21:11 - 2016-11-11 07:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 21:11 - 2016-11-11 07:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 21:11 - 2016-11-11 07:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 21:11 - 2016-11-11 07:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 21:11 - 2016-11-11 07:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 21:11 - 2016-11-11 07:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 21:11 - 2016-11-11 07:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 21:11 - 2016-11-11 07:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 21:11 - 2016-11-11 07:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 21:11 - 2016-11-11 07:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 21:11 - 2016-11-11 07:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 21:11 - 2016-11-11 07:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 21:10 - 2016-11-11 10:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 21:10 - 2016-11-11 10:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 21:10 - 2016-11-11 10:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 21:10 - 2016-11-11 09:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 21:10 - 2016-11-11 09:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 21:10 - 2016-11-11 09:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 21:10 - 2016-11-11 09:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 21:10 - 2016-11-11 09:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 21:10 - 2016-11-11 09:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 21:10 - 2016-11-11 09:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 21:10 - 2016-11-11 09:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 21:10 - 2016-11-11 09:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 21:10 - 2016-11-11 09:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 21:10 - 2016-11-11 09:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 21:10 - 2016-11-11 09:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 2

#3 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 31 December 2016 - 05:23 AM

Hello XZY5.
Welcome to SpywareInfo Forum.
I'm Android 8888 and I'll be helping you. Please ask questions if anything is unclear.


For now let's just take care of your new laptop (Lenovo IdeaPad 310 i7 64-bit). I suggest that you disconnect the old laptop from the router until the new laptop is clean.

Now I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.
Please follow the directions in the order listed.


I highly recommend that you consider uninstalling uTorrent. P2P (Peer-to-Peer) file sharing programs represent a security threat to the information on your system as they allow others to access your system. In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware.
 
There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.
 
 

NOTICE: The script below was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
 
Press the Windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.

Please copy the entire contents of the code box below.
To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

(SweetLabs, Inc) C:\Users\rubai\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKU\S-1-5-21-249857850-3300716479-2824224529-1001 -> DefaultScope {2EFAACDB-4865-45C6-849A-0F556923BA18} URL =
SearchScopes: HKU\S-1-5-21-249857850-3300716479-2824224529-1001 -> {2EFAACDB-4865-45C6-849A-0F556923BA18} URL =
CHR Extension: (Chrome Web Store Payments) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-27]
S2 0143641482962494mcinstcleanup; C:\Windows\TEMP\014364~1.EXE [961888 2016-05-16] (McAfee, Inc.)
C:\Users\defaultuser0\AppData\Local\Temp\oct836C.tmp.exe
C:\Users\rubai\AppData\Local\Temp\131273518702090365.exe
C:\Users\rubai\AppData\Local\Temp\oct5514.tmp.exe
Task: {A73D3A80-EB22-484B-B667-021B3050A5E7} - System32\Tasks\App Explorer => C:\Users\rubai\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2016-11-07] (SweetLabs, Inc)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]

End


Save the files as fixlist.txt in to the same folder as FRST64
Run FRST64 and click Fix only once and wait.
When finished FRST64 will generate a log on the Desktop (fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Please download AdwCleaner by Xplode and save it to your Desktop.

  • Close all open programs and internet browsers.
  • Right click on the icon and chose Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

 

In your next reply please post:
The fixlog.txt of the FRST tool (which should be located in C:\Users\rubai\Downloads)
The AdwCleaner log.

How is your laptop running now?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#4 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 31 December 2016 - 12:01 PM

Hi Android 8888, thank you very much for your help. 

 

I have had my old laptop turned off since I ran the scans on it and posted the logs here. I have followed your instructions in the order that you presented them (except the uninstallation of uTorrent, I fully understand the implications of that) and I'm posting the logs below. I wasn't sure whether you wanted me to post the scan log or the clean log so I've copied both in order. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by rubai (31-12-2016 17:27:49) Run:1
Running from C:\Users\rubai\Downloads
Loaded Profiles: rubai (Available Profiles: defaultuser0 & rubai)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
 
(SweetLabs, Inc) C:\Users\rubai\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKU\S-1-5-21-249857850-3300716479-2824224529-1001 -> DefaultScope {2EFAACDB-4865-45C6-849A-0F556923BA18} URL =
SearchScopes: HKU\S-1-5-21-249857850-3300716479-2824224529-1001 -> {2EFAACDB-4865-45C6-849A-0F556923BA18} URL =
CHR Extension: (Chrome Web Store Payments) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-27]
S2 0143641482962494mcinstcleanup; C:\Windows\TEMP\014364~1.EXE [961888 2016-05-16] (McAfee, Inc.)
C:\Users\defaultuser0\AppData\Local\Temp\oct836C.tmp.exe
C:\Users\rubai\AppData\Local\Temp\131273518702090365.exe
C:\Users\rubai\AppData\Local\Temp\oct5514.tmp.exe
Task: {A73D3A80-EB22-484B-B667-021B3050A5E7} - System32\Tasks\App Explorer => C:\Users\rubai\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2016-11-07] (SweetLabs, Inc)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [252]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\rubai\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => No running process found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-249857850-3300716479-2824224529-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-249857850-3300716479-2824224529-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2EFAACDB-4865-45C6-849A-0F556923BA18}" => key removed successfully
HKCR\CLSID\{2EFAACDB-4865-45C6-849A-0F556923BA18} => key not found. 
C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\rubai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
0143641482962494mcinstcleanup => service removed successfully
C:\Users\defaultuser0\AppData\Local\Temp\oct836C.tmp.exe => moved successfully
C:\Users\rubai\AppData\Local\Temp\131273518702090365.exe => moved successfully
C:\Users\rubai\AppData\Local\Temp\oct5514.tmp.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A73D3A80-EB22-484B-B667-021B3050A5E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A73D3A80-EB22-484B-B667-021B3050A5E7}" => key removed successfully
C:\Windows\System32\Tasks\App Explorer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => key removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7665776 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15976770 B
Java, Flash, Steam htmlcache => 1029 B
Windows/system/drivers => 9123409 B
Edge => 6236713 B
Chrome => 775358598 B
Firefox => 57138117 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 185 B
systemprofile32 => 0 B
LocalService => 5770 B
NetworkService => 19266 B
defaultuser0 => 5765643 B
rubai => 127158402 B
 
RecycleBin => 1512470 B
EmptyTemp: => 959.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:28:27 ====
 
# AdwCleaner v6.041 - Logfile created 31/12/2016 at 17:36:08
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-30.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : rubai - LAPTOP-H11LMCGD
# Running from : C:\Users\rubai\Downloads\adwcleaner_6.041.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\defaultuser0\AppData\Local\Host App Service
Folder Found:  C:\Users\rubai\AppData\Local\Host App Service
Folder Found:  C:\ProgramData\Host App Service
Folder Found:  C:\ProgramData\Application Data\Host App Service
Folder Found:  C:\Users\rubai\AppData\Local\Host App Service
Folder Found:  C:\Users\Default\AppData\Local\Host App Service
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
Key Found:  HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
Key Found:  [x64] HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
Key Found:  HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\PRODUCTSETUP
Key Found:  HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Host App Service
Key Found:  HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\csastats
Key Found:  HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found:  HKCU\Software\PRODUCTSETUP
Key Found:  HKCU\Software\Host App Service
Key Found:  HKCU\Software\csastats
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found:  [x64] HKCU\Software\PRODUCTSETUP
Key Found:  [x64] HKCU\Software\Host App Service
Key Found:  [x64] HKCU\Software\csastats
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Data Found:  HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.lenovo.com
Data Found:  HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.lenovo.com
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.lenovo.com
Data Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.lenovo.com
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [3161 Bytes] - [31/12/2016 17:36:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3234 Bytes] ##########
 
# AdwCleaner v6.041 - Logfile created 31/12/2016 at 17:41:27
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-30.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : rubai - LAPTOP-H11LMCGD
# Running from : C:\Users\rubai\Downloads\adwcleaner_6.041.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\defaultuser0\AppData\Local\Host App Service
[-] Folder deleted: C:\Users\rubai\AppData\Local\Host App Service
[-] Folder deleted: C:\ProgramData\Host App Service
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Host App Service
[#] Folder deleted on reboot: C:\Users\rubai\AppData\Local\Host App Service
[-] Folder deleted: C:\Users\Default\AppData\Local\Host App Service
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
[-] Key deleted: HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Host App Service
[-] Key deleted: HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\Host App Service
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\Host App Service
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[-] Data restored: HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] 
[-] Data restored: HKU\S-1-5-21-249857850-3300716479-2824224529-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3087 Bytes] - [31/12/2016 17:41:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [3341 Bytes] - [31/12/2016 17:36:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3233 Bytes] ##########
 
Again, thank you very much for all your help! My laptop is starting up much faster now, and I have stopped getting the prompt from WinPatrol about the start-up programmes and IE add-ons. I stopped receiving the prompt regarding Windows Command Processor prior to your reply however, but I'm not sure what that means - is it gone? is it just being quiet?  

#5 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 02 January 2017 - 11:05 AM

Hello XZY5.

Sorry for the delay in responding.

 

Again, thank you very much for all your help! My laptop is starting up much faster now, and I have stopped getting the prompt from WinPatrol about the start-up programmes and IE add-ons.

I'm glad to hear that. :)

 

I stopped receiving the prompt regarding Windows Command Processor prior to your reply however, but I'm not sure what that means - is it gone? is it just being quiet?

Windows Command Processor Notification is a rogue security program that will issue several alerts on the computer.

The file below detected and quarantined by Malwarebytes was probably one of the culprits:

-Blocked Malware Details-
File: 1
PUP.Optional.InstallCore, C:\Users\rubai\AppData\Local\Temp\13127351873594018888.exe, Quarantined, [8], [355724],0.0.0


Now your logs appear to be clean, so if you have no further issues with your laptop, then please proceed with the following housekeeping procedure outlined below.

Download delfix.pngDelFix (by Xplode) and save it to your Desktop.

Close all running programs and start delfix.exe.
Make sure that all available options are checked.
Click on Run.
DelFix should remove all our tools and delete itself afterwards.
I don't need the log file.


Are there any further questions?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#6 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 02 January 2017 - 11:18 AM

My new laptop is running great =] thank you 

 

However, I do have a number of important files that I need to transfer from my old laptop to my new one - it's totaling around 250gb of data. With the condition that my old laptop is in, I am not feeling confident connecting any storage devices to it as I'm afraid it could infect my new laptop again. What would be the best thing to do?


#7 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 02 January 2017 - 06:30 PM

Hello XZY5.

I will help you with your malware issues on your old laptop but first to make sure that your new laptop is completely free of malware please run another scan with ESET Online Scanner.
Please keep your old laptop disconnected from the router.

Now delete the old file of ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


In your next reply please post the ESET log for my review (if it produced one).


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#8 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 03 January 2017 - 02:31 PM

C:\$Recycle.Bin\S-1-5-21-1687197661-551072276-2564851244-1000\$REWAXN4.iso a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-1687197661-551072276-2564851244-1000\$RCN7WE1\Big_Bang_Alive_Mini_Album_Rar.exe a variant of Win32/ExpressDownloader.K potentially unwanted application
C:\Users\upoma-efti\AppData\Roaming\uTorrent\updates\3.4.2_31515.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\upoma-efti\AppData\Roaming\uTorrent\updates\3.4.2_33080.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application

#9 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 04 January 2017 - 03:45 AM

Hello XZY5.

 

ESET found two threats in your Recycle Bin folder.

 

Please empty your Recycle Bin.

Right-click on the Recycle Bin icon and choose Empty Recycle Bin.

 

 

The other two threats are Potentially Unwanted Applications (PUA) that are related to the uTorrent application. A potentially unwanted application (PUA) is a program that contains adware, installs toolbars or has other unclear objectives, however it is not considered malware.

 

 

Now that your new laptop appears to be free of malware I can help you in searching for malware in your old computer so that you can transfer your data files to the new laptop.

 

Please let me know if you wish to continue.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#10 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 05 January 2017 - 05:51 PM

Hello XZY5.

 

If you are still with us please let me also know where did you downloaded the MS Office that you mentioned in your first post in this topic. Was it from an official and trusted website or was it through a peer-to-peer file-sharing program like uTorrent?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#11 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 05 January 2017 - 06:15 PM

Hi android8888

Sorry about the delay. The eset log I posted before was from my old laptop not the new one. The new one is clean, the old one I used eset to clean (I saved the export file prior to cleaning) so when I ran the scan again following your instructions eset found nothing in my old laptop so no log was made.

I downloaded MS office using my university's free subscription offer from Outlook. I haven't used utorrent in my new laptop at all.

#12 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 05 January 2017 - 06:34 PM

Hello XZY5.

 

Thank you for your reply.

 

 

 

Sorry about the delay.

No worries.

 

 

Now just let me know if you still need help in searching and removing any malware from your old computer so that you can feel confident to transfer your data files to the new laptop.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#13 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 05 January 2017 - 06:45 PM

So with the eset cleaning done it's fine now? I can transfer my files and reset the laptop? I'm mostly just unsure about it right now

#14 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 07 January 2017 - 04:26 AM

Hello XZY5.

Sorry for the delay.
 

So with the eset cleaning done it's fine now?

That is a good sign but could not be enough. Let's check it further.

 

Now please disconnect your new laptop from the router and keep it like that while we are working in your old computer.

 

Please download the free version Malwarebytes Anti-Malware from here

  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.


Please download AdwCleaner by Xplode and save it to your Desktop.

  • Close all open programs and internet browsers.
  • Right-click on the icon and chose Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

 

Please delete the old version of FRST64 and the logs it created in the folder C:\Users\upoma-efti\Downloads
Now download a new version from here and save it to your computer's Desktop.

  • Right-click on the icon and select Run As Administrator.
  • When the tool opens click Yes to disclaimer.
  • Click on the Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.


Please post:
Malwarebytes log.
AdwCleaner log.
The two logs from Farbar Recovery Scan Tool (FRST.txt and Addition.txt) each in their own replies (due to the length), and note any errors encountered. If any log was cut off, please check to see where it was cut off and post the remainder in an additional reply.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#15 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 08 January 2017 - 02:50 PM

Hi Android8888, this reply has the malwarebytes, and adwcleaner logs

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08/01/2017
Scan Time: 18:20
Logfile: mwb.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.01.08.04
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: upoma-efti
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354450
Time Elapsed: 1 hr, 31 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v6.042 - Logfile created 08/01/2017 at 20:06:26
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : upoma-efti - UPOMA-EFTI-PC
# Running from : C:\Users\upoma-efti\Downloads\adwcleaner_6.042.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\upoma-efti\AppData\Local\DriverToolkit
Folder Found:  C:\Users\upoma-efti\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Folder Found:  C:\Program Files (x86)\DriverToolkit
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found:  HKU\S-1-5-21-1687197661-551072276-2564851244-1000\Software\DriverToolkit
Key Found:  HKCU\Software\DriverToolkit
Key Found:  [x64] HKCU\Software\DriverToolkit
Key Found:  HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com
Chrome pref Found:  [C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Web data] - yahoo.com Search
Chrome pref Found:  [C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Web data] - speedial.com
Chrome pref Found:  [C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bakijjialdiiboeaknfpmflphhmljfkd
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2085 Bytes] - [08/01/2017 20:06:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2158 Bytes] ##########
 
 
# AdwCleaner v6.042 - Logfile created 08/01/2017 at 20:10:30
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : upoma-efti - UPOMA-EFTI-PC
# Running from : C:\Users\upoma-efti\Downloads\adwcleaner_6.042.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\upoma-efti\AppData\Local\DriverToolkit
[-] Folder deleted: C:\Users\upoma-efti\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder deleted: C:\Program Files (x86)\DriverToolkit
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: [x64] HKCU\Software\DriverToolkit
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com Search
[-] [C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: speedial.com
[-] [C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bakijjialdiiboeaknfpmflphhmljfkd
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2052 Bytes] - [08/01/2017 20:10:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [2245 Bytes] - [08/01/2017 20:06:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2198 Bytes] ##########

#16 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 08 January 2017 - 02:51 PM

This is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by upoma-efti (administrator) on UPOMA-EFTI-PC (08-01-2017 20:27:55)
Running from C:\Users\upoma-efti\Downloads
Loaded Profiles: upoma-efti & DefaultAppPool (Available Profiles: upoma-efti & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\upoma-efti\AppData\Roaming\uTorrent\uTorrent.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\upoma-efti\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(BitTorrent Inc.) C:\Users\upoma-efti\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [uTorrent] => C:\Users\upoma-efti\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-19] (BitTorrent Inc.)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-13] (SUPERAntiSpyware)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-07-27] (Ruiware)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\MountPoints2: {4e205d96-826d-11e6-991d-0024bec07c8b} - "E:\startme.exe" 
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2686c023-5fe9-45d6-bc9d-dd5da652213e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{48ad0809-ef32-4f29-afdd-71e1660bdca9}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKU\S-1-5-21-1687197661-551072276-2564851244-1000 -> {0B69DF57-5D50-42C1-ACDB-0FEEAF5A8A0B} URL = 
SearchScopes: HKU\S-1-5-21-1687197661-551072276-2564851244-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-11-06] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-06] (Oracle Corporation)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\upoma-efti\AppData\Roaming\Mozilla\Firefox\Profiles\bwhtxa25.default-1482336262565 [2016-12-26]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-22] ()
FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
CHR Extension: (Google Docs) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Session Buddy) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (WhatsApp™ Messenger) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\infelompnbbancffeibkenmdbbmpoged [2016-11-22]
CHR Extension: (LINE) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2016-12-02]
CHR Extension: (Office Online) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - hxxps://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-09] (Microsoft Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-04-18] (Fork, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
R2 IntelHaxm; C:\WINDOWS\System32\DRIVERS\IntelHaxm.sys [91392 2014-03-14] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78200 2015-12-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [237912 2016-12-02] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-12-03] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [992600 2016-08-23] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-08-23] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [110424 2016-08-23] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194440 2015-12-02] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 ykinw8; C:\WINDOWS\System32\drivers\ykinx64.sys [288768 2016-07-16] (Marvell)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-08 20:27 - 2017-01-08 20:30 - 00021898 _____ C:\Users\upoma-efti\Downloads\FRST.txt
2017-01-08 20:26 - 2017-01-08 20:27 - 02419200 _____ (Farbar) C:\Users\upoma-efti\Downloads\FRST64.exe
2017-01-08 20:25 - 2017-01-08 20:25 - 00002285 _____ C:\Users\upoma-efti\Desktop\AdwCleaner[C0].txt
2017-01-08 20:09 - 2017-01-08 20:09 - 00002245 _____ C:\Users\upoma-efti\Desktop\AdwCleaner[S0].txt
2017-01-08 20:01 - 2017-01-08 20:10 - 00000000 ____D C:\AdwCleaner
2017-01-08 20:00 - 2017-01-08 20:01 - 03988944 _____ C:\Users\upoma-efti\Downloads\adwcleaner_6.042.exe
2017-01-08 19:55 - 2017-01-08 19:55 - 00001047 _____ C:\Users\upoma-efti\Desktop\mwb.txt
2017-01-04 19:59 - 2017-01-04 19:59 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-12-28 22:56 - 2016-12-28 22:56 - 00000000 ____D C:\Users\upoma-efti\AppData\Local\ESET
2016-12-28 22:27 - 2017-01-08 20:27 - 00000000 ____D C:\FRST
2016-12-27 18:37 - 2016-12-27 23:07 - 00000000 ____D C:\Users\upoma-efti\Desktop\To new laptop
2016-12-23 21:06 - 2016-12-26 21:26 - 00000000 ____D C:\Users\upoma-efti\AppData\LocalLow\Mozilla
2016-12-22 00:46 - 2016-12-22 00:46 - 20364888 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-12-21 23:45 - 2016-12-21 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-21 16:52 - 2017-01-08 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-19 19:49 - 2017-01-08 20:15 - 00000000 ____D C:\Users\upoma-efti\AppData\LocalLow\uTorrent
2016-12-17 17:57 - 2016-12-11 23:56 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-17 17:57 - 2016-12-11 23:56 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 21:23 - 2016-12-09 10:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:23 - 2016-12-09 09:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 21:22 - 2016-12-09 10:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 21:22 - 2016-12-09 10:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 21:22 - 2016-12-09 10:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 21:22 - 2016-12-09 10:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 21:22 - 2016-12-09 10:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 21:22 - 2016-12-09 10:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 21:22 - 2016-12-09 10:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 21:22 - 2016-12-09 10:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 21:22 - 2016-12-09 10:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 21:22 - 2016-12-09 10:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 21:22 - 2016-12-09 10:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 21:22 - 2016-12-09 09:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 21:22 - 2016-12-09 09:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 21:22 - 2016-12-09 09:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 21:22 - 2016-12-09 09:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 21:22 - 2016-12-09 09:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 21:22 - 2016-12-09 09:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:22 - 2016-12-09 09:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 21:22 - 2016-12-09 09:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 21:22 - 2016-12-09 09:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 21:22 - 2016-12-09 09:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 21:22 - 2016-12-09 09:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 21:22 - 2016-12-09 09:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 21:22 - 2016-12-09 09:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 21:22 - 2016-12-09 09:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 21:22 - 2016-12-09 09:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 21:22 - 2016-12-09 09:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 21:22 - 2016-12-09 09:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 21:22 - 2016-12-09 09:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 21:22 - 2016-12-09 09:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 21:22 - 2016-12-09 09:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 21:22 - 2016-12-09 09:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 21:22 - 2016-12-09 09:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 21:22 - 2016-12-09 09:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 21:22 - 2016-12-09 09:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 21:22 - 2016-12-09 09:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 21:22 - 2016-12-09 09:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 21:22 - 2016-12-09 09:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 21:21 - 2016-12-09 10:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 21:21 - 2016-12-09 10:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 21:21 - 2016-12-09 10:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 21:21 - 2016-12-09 10:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 21:21 - 2016-12-09 10:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 21:21 - 2016-12-09 10:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 21:21 - 2016-12-09 10:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 21:21 - 2016-12-09 10:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 21:21 - 2016-12-09 10:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 21:21 - 2016-12-09 10:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 21:21 - 2016-12-09 10:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 21:21 - 2016-12-09 10:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 21:21 - 2016-12-09 10:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 21:21 - 2016-12-09 10:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 21:21 - 2016-12-09 10:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 21:21 - 2016-12-09 10:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 21:21 - 2016-12-09 10:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 21:21 - 2016-12-09 10:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 21:21 - 2016-12-09 10:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 21:21 - 2016-12-09 09:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 21:21 - 2016-12-09 09:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 21:21 - 2016-12-09 09:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:21 - 2016-12-09 09:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 21:21 - 2016-12-09 09:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 21:21 - 2016-12-09 09:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 21:21 - 2016-12-09 09:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 21:21 - 2016-12-09 09:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 21:21 - 2016-12-09 09:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 21:21 - 2016-12-09 09:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 21:21 - 2016-12-09 09:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 21:21 - 2016-12-09 09:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 21:21 - 2016-12-09 09:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 21:21 - 2016-12-09 09:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 21:21 - 2016-12-09 09:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 21:21 - 2016-12-09 09:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 21:21 - 2016-12-09 09:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 21:21 - 2016-12-09 09:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 21:21 - 2016-12-09 09:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 21:21 - 2016-12-09 09:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 21:21 - 2016-12-09 09:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 21:21 - 2016-12-09 09:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 21:21 - 2016-12-09 09:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 21:21 - 2016-12-09 09:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 21:21 - 2016-12-09 09:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 21:21 - 2016-12-09 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 21:21 - 2016-12-09 09:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 21:21 - 2016-12-09 09:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 21:21 - 2016-12-09 09:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 21:21 - 2016-12-09 09:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 21:21 - 2016-12-09 09:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 21:21 - 2016-12-09 09:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 21:21 - 2016-12-09 08:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 21:20 - 2016-12-09 10:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 21:20 - 2016-12-09 10:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 21:20 - 2016-12-09 10:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 21:20 - 2016-12-09 10:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 21:20 - 2016-12-09 10:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 21:20 - 2016-12-09 10:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 21:20 - 2016-12-09 09:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 21:20 - 2016-12-09 09:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 21:20 - 2016-12-09 09:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 21:20 - 2016-12-09 09:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:20 - 2016-12-09 09:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 21:20 - 2016-12-09 09:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 21:20 - 2016-12-09 09:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 21:20 - 2016-12-09 09:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 21:20 - 2016-12-09 09:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 21:20 - 2016-12-09 09:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 21:20 - 2016-12-09 09:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-09 21:19 - 2016-11-11 09:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 21:19 - 2016-11-11 09:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 21:18 - 2016-11-11 10:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 21:18 - 2016-11-11 10:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 21:18 - 2016-11-11 10:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 21:18 - 2016-11-11 10:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 21:18 - 2016-11-11 10:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 21:18 - 2016-11-11 10:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 21:18 - 2016-11-11 10:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 21:18 - 2016-11-11 10:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 21:18 - 2016-11-11 09:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 21:18 - 2016-11-11 09:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 21:18 - 2016-11-11 09:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 21:18 - 2016-11-11 09:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 21:18 - 2016-11-11 09:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 21:18 - 2016-11-11 09:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 21:18 - 2016-11-11 09:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 21:18 - 2016-11-11 09:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 21:18 - 2016-11-11 09:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 21:18 - 2016-11-11 09:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 21:18 - 2016-11-11 09:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 21:18 - 2016-11-11 09:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 21:18 - 2016-11-11 09:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 21:18 - 2016-11-11 09:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 21:18 - 2016-11-11 09:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 21:18 - 2016-11-11 09:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 21:18 - 2016-11-11 09:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 21:18 - 2016-11-11 09:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 21:18 - 2016-11-11 09:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 21:18 - 2016-11-11 07:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 21:18 - 2016-11-11 07:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 21:18 - 2016-11-11 07:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 21:18 - 2016-11-11 07:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 21:18 - 2016-11-11 07:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 21:18 - 2016-11-11 07:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 21:18 - 2016-11-11 07:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 21:18 - 2016-11-11 07:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 21:18 - 2016-11-11 07:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 21:18 - 2016-11-11 07:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 21:18 - 2016-11-11 07:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 21:18 - 2016-11-11 07:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 21:18 - 2016-11-11 07:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 21:18 - 2016-11-11 07:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 21:18 - 2016-11-11 07:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 21:18 - 2016-11-11 07:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 21:18 - 2016-11-11 07:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 21:18 - 2016-11-11 07:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 21:18 - 2016-11-11 07:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 21:18 - 2016-11-11 07:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 21:18 - 2016-11-11 07:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 21:18 - 2016-11-11 07:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 21:18 - 2016-11-11 07:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 21:18 - 2016-11-11 07:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 21:18 - 2016-11-11 07:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 21:18 - 2016-11-11 07:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 21:18 - 2016-11-11 07:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 21:17 - 2016-11-11 10:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 21:17 - 2016-11-11 10:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 21:17 - 2016-11-11 09:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 21:17 - 2016-11-11 09:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 21:17 - 2016-11-11 09:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 21:17 - 2016-11-11 09:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 21:17 - 2016-11-11 09:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 21:17 - 2016-11-11 09:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 21:17 - 2016-11-11 09:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 21:17 - 2016-11-11 09:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 21:17 - 2016-11-11 09:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 21:17 - 2016-11-11 09:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 21:17 - 2016-11-11 09:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 21:17 - 2016-11-11 09:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 21:17 - 2016-11-11 09:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 21:17 - 2016-11-11 09:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 21:17 - 2016-11-11 09:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 21:17 - 2016-11-11 09:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 21:17 - 2016-11-11 09:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 21:17 - 2016-11-11 07:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 21:17 - 2016-11-11 07:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 21:17 - 2016-11-11 07:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 21:17 - 2016-11-11 07:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 21:17 - 2016-11-11 07:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 21:17 - 2016-11-11 07:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 21:16 - 2016-11-11 10:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 21:16 - 2016-11-11 09:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 21:16 - 2016-11-11 09:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 21:16 - 2016-11-11 09:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 21:16 - 2016-11-11 09:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 21:16 - 2016-11-11 09:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 21:16 - 2016-11-11 09:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 21:16 - 2016-11-11 09:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 21:16 - 2016-11-11 07:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 21:16 - 2016-11-11 07:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 21:15 - 2016-11-11 10:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 21:15 - 2016-11-11 09:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 21:15 - 2016-11-11 09:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 21:15 - 2016-11-11 09:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 21:15 - 2016-11-11 09:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 21:15 - 2016-11-11 08:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 21:15 - 2016-11-11 07:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 21:14 - 2016-11-11 10:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 21:14 - 2016-11-11 10:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 21:14 - 2016-11-11 09:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 21:14 - 2016-11-11 09:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 21:14 - 2016-11-11 09:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 21:14 - 2016-11-11 09:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 21:14 - 2016-11-11 09:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 21:14 - 2016-11-11 09:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 21:14 - 2016-11-11 09:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 21:14 - 2016-11-11 09:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 21:14 - 2016-11-11 09:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 21:14 - 2016-11-11 09:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 21:14 - 2016-11-11 09:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 21:14 - 2016-11-11 09:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 21:14 - 2016-11-11 07:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 21:14 - 2016-11-11 07:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 21:14 - 2016-11-11 07:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 21:14 - 2016-11-11 07:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 21:14 - 2016-11-11 07:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 21:14 - 2016-11-11 07:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 21:14 - 2016-11-11 07:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 21:14 - 2016-11-11 07:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 21:13 - 2016-11-11 09:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 21:13 - 2016-11-11 07:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 21:13 - 2016-11-11 07:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 21:12 - 2016-11-11 10:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 21:12 - 2016-11-11 09:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 21:12 - 2016-11-11 09:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 21:12 - 2016-11-11 09:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 21:12 - 2016-11-11 09:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 21:12 - 2016-11-11 09:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 21:12 - 2016-11-11 09:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 21:12 - 2016-11-11 09:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 21:12 - 2016-11-11 09:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 21:12 - 2016-11-11 09:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 21:12 - 2016-11-11 09:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 21:12 - 2016-11-11 09:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 21:12 - 2016-11-11 09:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 21:12 - 2016-11-11 09:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 21:12 - 2016-11-11 07:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 21:12 - 2016-11-11 07:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 21:12 - 2016-11-11 07:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 21:12 - 2016-11-11 07:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 21:12 - 2016-11-11 07:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 21:12 - 2016-11-11 07:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-09 21:11 - 2016-11-11 10:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 21:11 - 2016-11-11 10:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 21:11 - 2016-11-11 10:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 21:11 - 2016-11-11 09:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 21:11 - 2016-11-11 09:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 21:11 - 2016-11-11 09:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 21:11 - 2016-11-11 09:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 21:11 - 2016-11-11 09:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 21:11 - 2016-11-11 09:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 21:11 - 2016-11-11 09:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 21:11 - 2016-11-11 09:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 21:11 - 2016-11-11 09:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 21:11 - 2016-11-11 09:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 21:11 - 2016-11-11 08:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 21:11 - 2016-11-11 07:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 21:11 - 2016-11-11 07:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 21:11 - 2016-11-11 07:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 21:11 - 2016-11-11 07:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 21:11 - 2016-11-11 07:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 21:11 - 2016-11-11 07:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 21:11 - 2016-11-11 07:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 21:11 - 2016-11-11 07:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 21:11 - 2016-11-11 07:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 21:11 - 2016-11-11 07:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 21:11 - 2016-11-11 07:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 21:11 - 2016-11-11 07:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 21:11 - 2016-11-11 07:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 21:11 - 2016-11-11 07:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 21:11 - 2016-11-11 07:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 21:11 - 2016-11-11 07:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 21:11 - 2016-11-11 07:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 21:11 - 2016-11-11 07:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 21:11 - 2016-11-11 07:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 21:11 - 2016-11-11 07:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 21:10 - 2016-11-11 10:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 21:10 - 2016-11-11 10:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 21:10 - 2016-11-11 10:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 21:10 - 2016-11-11 09:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 21:10 - 2016-11-11 09:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 21:10 - 2016-11-11 09:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 21:10 - 2016-11-11 09:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 21:10 - 2016-11-11 09:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 21:10 - 2016-11-11 09:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 21:10 - 2016-11-11 09:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 21:10 - 2016-11-11 09:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 21:10 - 2016-11-11 09:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 21:10 - 2016-11-11 09:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 21:10 - 2016-11-11 09:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 21:10 - 2016-11-11 09:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 21

#17 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 08 January 2017 - 02:52 PM

This is the addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by upoma-efti (08-01-2017 20:32:18)
Running from C:\Users\upoma-efti\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-18 16:59:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1687197661-551072276-2564851244-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1687197661-551072276-2564851244-503 - Limited - Disabled)
Guest (S-1-5-21-1687197661-551072276-2564851244-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1687197661-551072276-2564851244-1002 - Limited - Enabled)
upoma-efti (S-1-5-21-1687197661-551072276-2564851244-1000 - Administrator - Enabled) => C:\Users\upoma-efti
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Genymotion version 2.3.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.1 - Genymobile)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{5657796F-9AA4-41D7-93A1-0D95CF6CEFE8}) (Version: 1.0.8 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.2.1549 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MPC-HC 1.7.10 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Prey Anti-Theft (x32 Version: 1.5.1 - Prey, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{69fb49e3-2848-40e8-9fdd-8f02e02c327a}) (Version: 1.1.24.0 - Sony)
Xperia Companion (x32 Version: 1.1.24.0 - Sony) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01542993-C6F9-44A4-8E58-A6EA74B96A9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {03757B68-E4A6-416A-B1B6-8F9A47F2DFA4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {07C319F2-3560-420D-992D-1672DD2EDFA1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {0D9A3504-A9AF-4037-9F79-264685B24EAA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {118397E6-4981-4940-9EDE-3DD433598C58} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {15F828A6-FCB9-46CC-B0B3-165FCA4EEE48} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {16DEAFF4-23C8-40FE-B5F6-291B43F5A878} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {173589E0-B2AF-4E8A-9CE5-C977106E95E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1D4DCAA6-D5C9-44DC-87C6-4425D8DECB5B} - System32\Tasks\{2058DE20-7FDD-404D-BEE6-478FA26DAB3C} => pcalua.exe -a C:\Users\upoma-efti\Downloads\ARAOTH-00203290-764.EXE -d C:\Users\upoma-efti\Downloads
Task: {1F4C3001-A51B-4328-89AC-72072F413B84} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {1FA47187-5962-4857-B0D5-DDA85B03BA01} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {20527598-06A0-46B9-BD40-817EAEA987C7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {20F5D491-7B2D-4B55-8219-A2FE10DA24A6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {23F05FA0-38D4-4797-9ADA-6235EFFA4559} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {2991559C-F4ED-4472-89F4-BCF06750A4A8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2D382553-1D66-4BDE-9228-06439578FCEA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2D4A65C3-D2B3-46B4-A57C-A485FACBAD8D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {31C9AB36-0D7C-42A1-A582-37F3D5A28909} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {32E777E3-EE2F-4FB9-8471-13D55563B2BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {3D441B4C-FF0F-4801-AB8F-E934426AC5DA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {48BDCF7D-CF96-4FAE-8F1E-BEB704BD5F1C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4B04E05A-66EF-492E-8994-D77D45589266} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {4BE1DD6C-4C8E-4D54-9CEC-477CEE39CDF9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D37933F-B2BE-4209-B9DD-C4071EC56EBE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5E15EF56-649C-4D9A-BD1D-E6A0A51E39DD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {63B8DCDA-0C3F-4586-AB2E-360153B68A91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {66FA87B0-0374-4A2F-8F33-EBA2CCD14853} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {69CC213B-224E-422C-A30C-2EEB38B183C6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7EE28D5C-9831-4DF6-A723-F38571503BF7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {83B59877-5F7F-4A39-9E54-D8064EAFE542} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {8C808A67-0DC9-493F-AAD3-42197B70E247} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {93AF3B41-759C-4419-B99A-2F82F1BCC3B1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {96E5ACF4-86D4-4C30-A4E2-3A8A768FB837} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9720BB58-62A4-48A4-AF00-67BDBA41C700} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A39D66AB-3B8B-44F7-B5FF-9459EF6A7510} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {A561703C-E92B-4144-8390-C0FF7C51A01F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-22] (Adobe Systems Incorporated)
Task: {A5867212-184F-4727-A724-1DA48518B623} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A8B5A315-DEED-415C-B29C-CB3E2CEE9B58} - System32\Tasks\{8D40092B-19CD-48FB-9011-5F8D84694E7B} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {AC01E164-F0F4-434C-9C69-D93334E44BB2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-10] (Microsoft Corporation)
Task: {AF0E7421-8078-455C-B607-0EDE27B3D81D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B42CD4F4-DBEE-4467-99E9-AA57B2B9927F} - System32\Tasks\{58C56BA6-AEDB-4DC0-B48A-1C3DB00E8E13} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.13.0.101&amp;LastError=12007
Task: {B4759D46-1C79-42C1-A243-D90D151C9E49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {B6261EB6-339C-49EE-8744-B6B4A6A50D85} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BB1E9E13-65FF-4B46-9788-5C824B216365} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {C441F3CE-33C0-4EBB-A1EF-3F719754EC43} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C51955A8-84D6-40EC-9CB9-9F4CAEFCD455} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C6FF8A1E-33F7-41ED-9F30-1212552339E0} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D0193AF0-9374-443E-809A-333B6FB4BF52} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-12-16] (Microsoft Corporation)
Task: {D28C0147-5DC6-4745-AEB6-526808F37561} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCEFD524-869B-4D71-8765-EA92ACACB6DF} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DE5177EA-FB9F-42E3-90DD-1A1EFBAF5033} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DFAA2C04-9B9D-41B2-A28F-E0D22F82DD5C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E9CC52F8-1551-44AD-8A0A-EAA5199AFD1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F38580DB-E99E-45D7-8881-89A5F4672168} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {FE9D8DCB-D0B2-4B2B-A0B1-5859B9FB93CC} - System32\Tasks\{CD3FA160-1FF8-4F3F-88B1-90169B696844} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.2.0.103&amp;LastError=12002
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\upoma-efti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\LINE.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=menkifleemblimdogmoihpfopnplikde
ShortcutWithArgument: C:\Users\upoma-efti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WhatsApp™ Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=infelompnbbancffeibkenmdbbmpoged
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 21:22 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-14 21:22 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-05-18 10:38 - 2016-12-09 23:33 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-19 00:38 - 2016-09-19 00:38 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 21:21 - 2016-12-09 09:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 19:40 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 19:39 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 19:38 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 19:39 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 19:39 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 19:40 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-01-27 12:18 - 2015-01-27 12:18 - 02926800 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
2016-12-14 21:28 - 2016-12-14 21:29 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 21:28 - 2016-12-14 21:29 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 21:28 - 2016-12-14 21:29 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 21:28 - 2016-12-14 21:29 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2015-12-22 01:47 - 2015-12-22 01:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2016-12-21 23:45 - 2016-11-11 20:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-12-21 23:45 - 2016-11-11 20:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-12-21 23:45 - 2016-11-11 20:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-12-21 23:45 - 2016-11-11 20:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-12-21 23:45 - 2016-11-11 20:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-21 23:44 - 2016-11-11 20:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-21 23:44 - 2016-11-11 20:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-21 23:45 - 2016-11-11 20:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-12-21 23:45 - 2016-11-11 20:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-21 23:45 - 2016-11-11 20:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-21 23:44 - 2016-11-11 20:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-12-21 23:45 - 2016-11-11 20:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-12-21 23:45 - 2016-11-11 20:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-12-21 23:45 - 2016-11-11 20:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-21 23:45 - 2016-11-11 20:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-12-21 23:45 - 2016-11-11 20:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-12-21 23:45 - 2016-11-11 20:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-12-21 23:45 - 2016-11-11 20:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-12-21 23:45 - 2016-11-11 20:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-12-21 23:45 - 2016-11-11 20:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-12-21 23:45 - 2016-11-11 20:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-21 23:45 - 2016-11-11 20:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-12-21 23:45 - 2016-11-11 20:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-12-21 23:45 - 2016-11-11 20:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-21 23:44 - 2016-11-11 20:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-21 23:44 - 2016-12-21 18:26 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-12-21 23:44 - 2016-12-03 08:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-12-21 23:44 - 2016-12-21 18:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-21 23:44 - 2016-12-21 18:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-12-21 23:45 - 2016-11-11 20:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-21 23:44 - 2016-11-11 20:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-21 23:44 - 2016-11-11 20:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-21 23:44 - 2016-12-21 18:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-12-21 23:45 - 2016-11-11 20:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-12-21 23:45 - 2016-12-21 18:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-21 23:44 - 2016-12-21 18:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1687197661-551072276-2564851244-1000\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-08-30 19:04 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\upoma-efti\Pictures\erased__kayo_and_satoru__render_by_le_ryuuji-d9qa0qz.png
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{8390240D-E3D8-4A90-ACFB-3F2E63D38011}] => C:\Windows\Prey\versions\1.6.2\bin\node.exe
FirewallRules: [{88D32734-0C2A-4E88-8EFC-A0E8B47392D3}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B01282A0-4A67-4128-BF87-2C5C24C9E93B}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{24B4DD9A-C807-4E96-BF48-B49A0A23856E}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A7FA2257-374E-44DB-9873-E86906ED3661}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EF7A4521-20EF-414D-BACF-635981EEEF88}] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{D40807B3-010C-4819-ABFC-B6491C50BBD8}] => C:\Users\upoma-efti\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1E381840-4566-40C0-B935-53DF655BC644}] => C:\Users\upoma-efti\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{250237F7-889A-4155-872E-17CFB386BCD1}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [UDP Query User{6691417C-8F14-4D87-A539-58E511216F3B}C:\program files (x86)\jdownloader\jre\bin\javaw.exe] => C:\program files (x86)\jdownloader\jre\bin\javaw.exe
FirewallRules: [{6A5B1F95-27F3-4059-95B6-3BFBB2E4F5D8}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{82098A79-F9B4-4078-9596-474D81448837}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2EB224A5-7692-44EA-A639-CAFE336A646D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3815340-B2F1-49ED-84E8-AFE9A33AA901}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{5E13938F-9BA9-4CB6-9F17-AE64AC99C45C}] => C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{D2540FC5-D1D3-4D64-BF2E-AA60C52867F5}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{AD6F09BC-5BCE-4AB1-854F-8A0697B7D615}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{82894AAE-7936-4C28-8CB1-83352A410BFB}] => C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{F9AACF5D-C50C-4E93-A35B-CA5C2424A2B0}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{8506DAD3-12E3-414A-8D93-DA610AF2A981}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{153FB0CA-3430-4132-84AC-DB2723F8EA65}] => C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{25E125D7-A3D0-4337-8910-4889BBE732D0}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{E94951AF-50C1-4312-91FC-2122E8F447DF}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{E5450F5B-82DA-4A29-9106-E4458F148277}] => C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{4D590A11-FD2E-431A-8D31-953924A2AB0C}] => C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{3BB4E330-092C-4B2A-AF51-1A00A6330B5C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28A8991E-F321-4A25-A709-4D50D9751769}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AFA7CED8-84B8-4403-B655-5AA5DFF67286}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B03EFDBA-AF12-4543-9B0B-3644A744EC5A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{500F85B2-35B9-41BB-89D5-B0843280A90B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BFCF6EF4-5838-4019-B140-4A5699EE9AE2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB85D9E9-0DAB-41CB-9406-6E4FFF3B94F0}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C8CB892C-220B-426A-9167-9ED57236EFB4}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{29B360F2-FC18-499F-A4A0-4F6F5EAD3F3E}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{79157DFF-ED88-445A-896A-4EC2E40AFD67}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
12-12-2016 19:50:05 Windows Update
16-12-2016 22:03:36 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2017 08:12:28 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (01/08/2017 07:12:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpxsvc.exe, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc00000fd
Fault offset: 0x00034e88
Faulting process id: 0x13334
Faulting application start time: 0x01d266ddf75eebdf
Faulting application path: C:\Windows\Prey\wpxsvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: d57b53db-0604-44b1-a8d0-af88e1921e53
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/05/2017 12:38:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15563
 
Error: (01/05/2017 12:38:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15563
 
Error: (01/05/2017 12:38:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/05/2017 12:29:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: upoma-efti-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/04/2017 10:57:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpxsvc.exe, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc00000fd
Fault offset: 0x00034e88
Faulting process id: 0x41a0
Faulting application start time: 0x01d266007ea447ea
Faulting application path: C:\Windows\Prey\wpxsvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 0ce3c15c-74b8-4030-ad99-fe61d2b272c8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/03/2017 08:32:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wpxsvc.exe, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc00000fd
Fault offset: 0x00034e88
Faulting process id: 0xb13c
Faulting application start time: 0x01d2619a70bb61e9
Faulting application path: C:\Windows\Prey\wpxsvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 7ccb5377-05ac-4f85-b2e3-af0e5c7fc0e8
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (01/08/2017 08:17:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.
 
Error: (01/08/2017 08:13:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/08/2017 08:13:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/08/2017 08:13:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.
 
Error: (01/08/2017 08:13:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/08/2017 08:13:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.
 
Error: (01/08/2017 08:12:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ClickToRunSvc service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (01/08/2017 08:12:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect.
 
Error: (01/08/2017 08:12:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (01/08/2017 08:10:19 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-28 21:08:27.617
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.10586.545_none_e11efdcb70d5fafe\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-28 21:08:27.609
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.10586.545_none_e11efdcb70d5fafe\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-28 21:08:27.604
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.10586.545_none_e11efdcb70d5fafe\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-28 21:08:27.597
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.10586.545_none_e11efdcb70d5fafe\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-28 21:08:27.589
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.10586.545_none_e11efdcb70d5fafe\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-28 21:08:27.585
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.10586.545_none_e11efdcb70d5fafe\MusNotificationUx.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-28 21:02:29.906
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-28 21:02:29.898
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-28 21:02:29.894
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-12-28 21:02:29.887
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 46%
Total physical RAM: 3950.09 MB
Available physical RAM: 2131.07 MB
Total Virtual: 7918.09 MB
Available Virtual: 5971.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:454.61 GB) (Free:151.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6AFB21E0)
Partition 1: (Not Active) - (Size=10.6 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=449 MB) - (Type=27)
 
==================== End of Addition.txt ============================

#18 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 09 January 2017 - 03:51 PM

Hello XZY5.


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Press the Windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below. To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.
 

Start

CreateRestorePoint:
CloseProcesses:
EmptyTemp:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\S-1-5-21-1687197661-551072276-2564851244-1000 -> {0B69DF57-5D50-42C1-ACDB-0FEEAF5A8A0B} URL =
SearchScopes: HKU\S-1-5-21-1687197661-551072276-2564851244-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
CHR Extension: (Chrome Web Store Payments) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
Task: {173589E0-B2AF-4E8A-9CE5-C977106E95E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1FA47187-5962-4857-B0D5-DDA85B03BA01} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2991559C-F4ED-4472-89F4-BCF06750A4A8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2D382553-1D66-4BDE-9228-06439578FCEA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3D441B4C-FF0F-4801-AB8F-E934426AC5DA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {48BDCF7D-CF96-4FAE-8F1E-BEB704BD5F1C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D37933F-B2BE-4209-B9DD-C4071EC56EBE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {66FA87B0-0374-4A2F-8F33-EBA2CCD14853} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {93AF3B41-759C-4419-B99A-2F82F1BCC3B1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9720BB58-62A4-48A4-AF00-67BDBA41C700} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AF0E7421-8078-455C-B607-0EDE27B3D81D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C51955A8-84D6-40EC-9CB9-9F4CAEFCD455} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DFAA2C04-9B9D-41B2-A28F-E0D22F82DD5C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FE9D8DCB-D0B2-4B2B-A0B1-5859B9FB93CC} - System32\Tasks\{CD3FA160-1FF8-4F3F-88B1-90169B696844} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.2.0.103&amp;LastError=12002
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

End


Save the files as fixlist.txt in to the same folder as FRST64
Run FRST64 and click Fix only once and wait.
When finished FRST64 will generate a log on the Desktop (fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.


Please re-run ESET Online Scanner to check for leftovers.
 

  • Close all your programs and browsers.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Right-click on esetonlinescanner_enu.exe to start ESET Online Scanner.
  • Click Yes to accept any security warnings that may appear.
  • It will open a window with the Terms of use. Click on the Accept button.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
  • Enable detection of potentially unsafe applications
  • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, ESET will not produce a log.

Please re-enable your antivirus program.


Please download Security Analysis by Rocket Grannie from here
 

  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.

 

In your next reply please post for my review:
The contents of fixlog.txt produced by FRST.
The ESET log (if it produced one).
The RGSA log.

 

How is this computer running?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#19 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 11 January 2017 - 05:05 PM

Hi Android8888, because of how long the scans seem to be taking on my old laptop, I am unable to run them during the week because of work. I will carry out your instructions and post the log files over the weekend

#20 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 12 January 2017 - 01:21 PM

Hello XZY5.

 

That's fine. I will keep this thread open and I'll wait for the logs.

 

Android 8888


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#21 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 14 January 2017 - 04:30 PM

I've run all the scan (copied below), my old laptop has been very slow for a while now. It does seem to be a bit faster but overall I can't really tell/be sure as it is quite old

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-01-2017
Ran by upoma-efti (14-01-2017 14:13:07) Run:1
Running from C:\Users\upoma-efti\Downloads
Loaded Profiles: upoma-efti & DefaultAppPool (Available Profiles: upoma-efti & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\S-1-5-21-1687197661-551072276-2564851244-1000 -> {0B69DF57-5D50-42C1-ACDB-0FEEAF5A8A0B} URL =
SearchScopes: HKU\S-1-5-21-1687197661-551072276-2564851244-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
CHR Extension: (Chrome Web Store Payments) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
Task: {173589E0-B2AF-4E8A-9CE5-C977106E95E9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1FA47187-5962-4857-B0D5-DDA85B03BA01} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2991559C-F4ED-4472-89F4-BCF06750A4A8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2D382553-1D66-4BDE-9228-06439578FCEA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3D441B4C-FF0F-4801-AB8F-E934426AC5DA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {48BDCF7D-CF96-4FAE-8F1E-BEB704BD5F1C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D37933F-B2BE-4209-B9DD-C4071EC56EBE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {66FA87B0-0374-4A2F-8F33-EBA2CCD14853} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {93AF3B41-759C-4419-B99A-2F82F1BCC3B1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9720BB58-62A4-48A4-AF00-67BDBA41C700} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AF0E7421-8078-455C-B607-0EDE27B3D81D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C51955A8-84D6-40EC-9CB9-9F4CAEFCD455} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DFAA2C04-9B9D-41B2-A28F-E0D22F82DD5C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FE9D8DCB-D0B2-4B2B-A0B1-5859B9FB93CC} - System32\Tasks\{CD3FA160-1FF8-4F3F-88B1-90169B696844} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.2.0.103&amp;LastError=12002
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key removed successfully
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found. 
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B69DF57-5D50-42C1-ACDB-0FEEAF5A8A0B} => key removed successfully
HKCR\CLSID\{0B69DF57-5D50-42C1-ACDB-0FEEAF5A8A0B} => key not found. 
HKU\S-1-5-21-1687197661-551072276-2564851244-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key removed successfully
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found. 
C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi => key removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{173589E0-B2AF-4E8A-9CE5-C977106E95E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{173589E0-B2AF-4E8A-9CE5-C977106E95E9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FA47187-5962-4857-B0D5-DDA85B03BA01} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FA47187-5962-4857-B0D5-DDA85B03BA01} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2991559C-F4ED-4472-89F4-BCF06750A4A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2991559C-F4ED-4472-89F4-BCF06750A4A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D382553-1D66-4BDE-9228-06439578FCEA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D382553-1D66-4BDE-9228-06439578FCEA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D441B4C-FF0F-4801-AB8F-E934426AC5DA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D441B4C-FF0F-4801-AB8F-E934426AC5DA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48BDCF7D-CF96-4FAE-8F1E-BEB704BD5F1C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48BDCF7D-CF96-4FAE-8F1E-BEB704BD5F1C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D37933F-B2BE-4209-B9DD-C4071EC56EBE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D37933F-B2BE-4209-B9DD-C4071EC56EBE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66FA87B0-0374-4A2F-8F33-EBA2CCD14853} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66FA87B0-0374-4A2F-8F33-EBA2CCD14853} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93AF3B41-759C-4419-B99A-2F82F1BCC3B1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93AF3B41-759C-4419-B99A-2F82F1BCC3B1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9720BB58-62A4-48A4-AF00-67BDBA41C700} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9720BB58-62A4-48A4-AF00-67BDBA41C700} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF0E7421-8078-455C-B607-0EDE27B3D81D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF0E7421-8078-455C-B607-0EDE27B3D81D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C51955A8-84D6-40EC-9CB9-9F4CAEFCD455} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C51955A8-84D6-40EC-9CB9-9F4CAEFCD455} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFAA2C04-9B9D-41B2-A28F-E0D22F82DD5C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFAA2C04-9B9D-41B2-A28F-E0D22F82DD5C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE9D8DCB-D0B2-4B2B-A0B1-5859B9FB93CC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE9D8DCB-D0B2-4B2B-A0B1-5859B9FB93CC} => key removed successfully
C:\WINDOWS\System32\Tasks\{CD3FA160-1FF8-4F3F-88B1-90169B696844} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD3FA160-1FF8-4F3F-88B1-90169B696844} => key removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
 
ESET:
 
C:\Users\upoma-efti\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe 
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 17th December, 2016
Running from:C:\Users\upoma-efti\Desktop (21:06:57 - 01/14/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled!
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Kaspersky Internet Security (Enabled - Up to Date)
Windows Defender's ProductState is indeterminate
Kaspersky Internet Security (Enabled - Up to Date)
Windows Defender (Disabled - Up to Date)
Kaspersky Internet Security (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player Plugin (version 24.0.0.186)
Firefox (version 50)
Google Chrome (version 54)
Java (version 8.0.1110.14)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5.1)
SpywareBlaster (version 5.5)
SUPERAntiSpyware (version 6)
WinPatrol (version 33.6)
 
CCleaner (version 5.23) is *out of Date*
 
***----------------Analysis Complete-------------------------***

#22 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 15 January 2017 - 02:34 PM

Hello XZY5.

 

The threat detected by ESET is a PUA (Pottentially Unsafe Application) related to the uTorrent program and is not considered malware.

As such, and from what I see in the logs, your computer appears to be free of malware.

Let's check the integrity of the Operating System files.

 

Please press the Windows key + X button on your keyboard at the same time. This will open the Win+X Quick Link menu.
Click on Command Prompt (Admin).
Click Yes to accept any security warnings that may appear. This will open an Elevated Command Prompt window.
At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker command.
When the scan is complete, in the Command Prompt window copy and paste the following command and press Enter:

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"


Please attach (it may be large)  %userprofile%\Desktop\sfcdetails.txt to your next reply (it will be on your Desktop).

Next, read the article from this link and try to update the outdated device drivers that may appear in Device Manager.


How is the computer running now? Does it still running slow?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#23 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 21 January 2017 - 04:50 PM

Hi Android 8888, 

 

Sorry for the delay, the log is below

 

2017-01-21 21:31:05, Info                  CSI    00000006 [SR] Verifying 100 components
2017-01-21 21:31:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2017-01-21 21:31:17, Info                  CSI    0000006c [SR] Verify complete
2017-01-21 21:31:18, Info                  CSI    0000006d [SR] Verifying 100 components
2017-01-21 21:31:18, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2017-01-21 21:31:27, Info                  CSI    000000d4 [SR] Verify complete
2017-01-21 21:31:27, Info                  CSI    000000d5 [SR] Verifying 100 components
2017-01-21 21:31:27, Info                  CSI    000000d6 [SR] Beginning Verify and Repair transaction
2017-01-21 21:31:49, Info                  CSI    0000013d [SR] Verify complete
2017-01-21 21:31:50, Info                  CSI    0000013e [SR] Verifying 100 components
2017-01-21 21:31:50, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
2017-01-21 21:32:21, Info                  CSI    000001a7 [SR] Verify complete
2017-01-21 21:32:21, Info                  CSI    000001a8 [SR] Verifying 100 components
2017-01-21 21:32:21, Info                  CSI    000001a9 [SR] Beginning Verify and Repair transaction
2017-01-21 21:32:58, Info                  CSI    00000212 [SR] Verify complete
2017-01-21 21:32:58, Info                  CSI    00000213 [SR] Verifying 100 components
2017-01-21 21:32:58, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
2017-01-21 21:33:27, Info                  CSI    0000027d [SR] Verify complete
2017-01-21 21:33:27, Info                  CSI    0000027e [SR] Verifying 100 components
2017-01-21 21:33:27, Info                  CSI    0000027f [SR] Beginning Verify and Repair transaction
2017-01-21 21:33:47, Info                  CSI    000002e4 [SR] Verify complete
2017-01-21 21:33:47, Info                  CSI    000002e5 [SR] Verifying 100 components
2017-01-21 21:33:47, Info                  CSI    000002e6 [SR] Beginning Verify and Repair transaction
2017-01-21 21:34:02, Info                  CSI    0000034b [SR] Verify complete
2017-01-21 21:34:02, Info                  CSI    0000034c [SR] Verifying 100 components
2017-01-21 21:34:02, Info                  CSI    0000034d [SR] Beginning Verify and Repair transaction
2017-01-21 21:34:12, Info                  CSI    000003b3 [SR] Verify complete
2017-01-21 21:34:12, Info                  CSI    000003b4 [SR] Verifying 100 components
2017-01-21 21:34:12, Info                  CSI    000003b5 [SR] Beginning Verify and Repair transaction
2017-01-21 21:34:29, Info                  CSI    0000041b [SR] Verify complete
2017-01-21 21:34:29, Info                  CSI    0000041c [SR] Verifying 100 components
2017-01-21 21:34:29, Info                  CSI    0000041d [SR] Beginning Verify and Repair transaction
2017-01-21 21:34:52, Info                  CSI    00000482 [SR] Verify complete
2017-01-21 21:34:52, Info                  CSI    00000483 [SR] Verifying 100 components
2017-01-21 21:34:52, Info                  CSI    00000484 [SR] Beginning Verify and Repair transaction
2017-01-21 21:35:05, Info                  CSI    000004ea [SR] Verify complete
2017-01-21 21:35:05, Info                  CSI    000004eb [SR] Verifying 100 components
2017-01-21 21:35:05, Info                  CSI    000004ec [SR] Beginning Verify and Repair transaction
2017-01-21 21:35:18, Info                  CSI    00000554 [SR] Verify complete
2017-01-21 21:35:18, Info                  CSI    00000555 [SR] Verifying 100 components
2017-01-21 21:35:18, Info                  CSI    00000556 [SR] Beginning Verify and Repair transaction
2017-01-21 21:35:50, Info                  CSI    000005bf [SR] Verify complete
2017-01-21 21:35:51, Info                  CSI    000005c0 [SR] Verifying 100 components
2017-01-21 21:35:51, Info                  CSI    000005c1 [SR] Beginning Verify and Repair transaction
2017-01-21 21:36:23, Info                  CSI    00000629 [SR] Verify complete
2017-01-21 21:36:24, Info                  CSI    0000062a [SR] Verifying 100 components
2017-01-21 21:36:24, Info                  CSI    0000062b [SR] Beginning Verify and Repair transaction
2017-01-21 21:36:42, Info                  CSI    00000692 [SR] Verify complete
2017-01-21 21:36:42, Info                  CSI    00000693 [SR] Verifying 100 components
2017-01-21 21:36:42, Info                  CSI    00000694 [SR] Beginning Verify and Repair transaction
2017-01-21 21:37:04, Info                  CSI    000006f9 [SR] Verify complete
2017-01-21 21:37:05, Info                  CSI    000006fa [SR] Verifying 100 components
2017-01-21 21:37:05, Info                  CSI    000006fb [SR] Beginning Verify and Repair transaction
2017-01-21 21:37:17, Info                  CSI    00000760 [SR] Verify complete
2017-01-21 21:37:18, Info                  CSI    00000761 [SR] Verifying 100 components
2017-01-21 21:37:19, Info                  CSI    00000762 [SR] Beginning Verify and Repair transaction
2017-01-21 21:37:34, Info                  CSI    000007c7 [SR] Verify complete
2017-01-21 21:37:34, Info                  CSI    000007c8 [SR] Verifying 100 components
2017-01-21 21:37:34, Info                  CSI    000007c9 [SR] Beginning Verify and Repair transaction
2017-01-21 21:37:44, Info                  CSI    00000832 [SR] Verify complete
2017-01-21 21:37:44, Info                  CSI    00000833 [SR] Verifying 100 components
2017-01-21 21:37:44, Info                  CSI    00000834 [SR] Beginning Verify and Repair transaction
2017-01-21 21:37:56, Info                  CSI    00000899 [SR] Verify complete
2017-01-21 21:37:56, Info                  CSI    0000089a [SR] Verifying 100 components
2017-01-21 21:37:56, Info                  CSI    0000089b [SR] Beginning Verify and Repair transaction
2017-01-21 21:38:05, Info                  CSI    00000900 [SR] Verify complete
2017-01-21 21:38:05, Info                  CSI    00000901 [SR] Verifying 100 components
2017-01-21 21:38:05, Info                  CSI    00000902 [SR] Beginning Verify and Repair transaction
2017-01-21 21:38:20, Info                  CSI    00000967 [SR] Verify complete
2017-01-21 21:38:20, Info                  CSI    00000968 [SR] Verifying 100 components
2017-01-21 21:38:20, Info                  CSI    00000969 [SR] Beginning Verify and Repair transaction
2017-01-21 21:38:40, Info                  CSI    000009ce [SR] Verify complete
2017-01-21 21:38:40, Info                  CSI    000009cf [SR] Verifying 100 components
2017-01-21 21:38:40, Info                  CSI    000009d0 [SR] Beginning Verify and Repair transaction
2017-01-21 21:38:48, Info                  CSI    00000a35 [SR] Verify complete
2017-01-21 21:38:49, Info                  CSI    00000a36 [SR] Verifying 100 components
2017-01-21 21:38:49, Info                  CSI    00000a37 [SR] Beginning Verify and Repair transaction
2017-01-21 21:38:58, Info                  CSI    00000a9c [SR] Verify complete
2017-01-21 21:38:58, Info                  CSI    00000a9d [SR] Verifying 100 components
2017-01-21 21:38:58, Info                  CSI    00000a9e [SR] Beginning Verify and Repair transaction
2017-01-21 21:39:15, Info                  CSI    00000b03 [SR] Verify complete
2017-01-21 21:39:15, Info                  CSI    00000b04 [SR] Verifying 100 components
2017-01-21 21:39:15, Info                  CSI    00000b05 [SR] Beginning Verify and Repair transaction
2017-01-21 21:39:30, Info                  CSI    00000b6b [SR] Verify complete
2017-01-21 21:39:30, Info                  CSI    00000b6c [SR] Verifying 100 components
2017-01-21 21:39:30, Info                  CSI    00000b6d [SR] Beginning Verify and Repair transaction
2017-01-21 21:39:45, Info                  CSI    00000bd2 [SR] Verify complete
2017-01-21 21:39:45, Info                  CSI    00000bd3 [SR] Verifying 100 components
2017-01-21 21:39:45, Info                  CSI    00000bd4 [SR] Beginning Verify and Repair transaction
2017-01-21 21:39:59, Info                  CSI    00000c39 [SR] Verify complete
2017-01-21 21:40:00, Info                  CSI    00000c3a [SR] Verifying 100 components
2017-01-21 21:40:00, Info                  CSI    00000c3b [SR] Beginning Verify and Repair transaction
2017-01-21 21:40:12, Info                  CSI    00000ca0 [SR] Verify complete
2017-01-21 21:40:12, Info                  CSI    00000ca1 [SR] Verifying 100 components
2017-01-21 21:40:12, Info                  CSI    00000ca2 [SR] Beginning Verify and Repair transaction
2017-01-21 21:40:24, Info                  CSI    00000d07 [SR] Verify complete
2017-01-21 21:40:24, Info                  CSI    00000d08 [SR] Verifying 100 components
2017-01-21 21:40:24, Info                  CSI    00000d09 [SR] Beginning Verify and Repair transaction
2017-01-21 21:40:44, Info                  CSI    00000d80 [SR] Verify complete
2017-01-21 21:40:44, Info                  CSI    00000d81 [SR] Verifying 100 components
2017-01-21 21:40:44, Info                  CSI    00000d82 [SR] Beginning Verify and Repair transaction
2017-01-21 21:40:53, Info                  CSI    00000de7 [SR] Verify complete
2017-01-21 21:40:53, Info                  CSI    00000de8 [SR] Verifying 100 components
2017-01-21 21:40:53, Info                  CSI    00000de9 [SR] Beginning Verify and Repair transaction
2017-01-21 21:41:01, Info                  CSI    00000e4e [SR] Verify complete
2017-01-21 21:41:01, Info                  CSI    00000e4f [SR] Verifying 100 components
2017-01-21 21:41:01, Info                  CSI    00000e50 [SR] Beginning Verify and Repair transaction
2017-01-21 21:41:11, Info                  CSI    00000ec1 [SR] Verify complete
2017-01-21 21:41:11, Info                  CSI    00000ec2 [SR] Verifying 100 components
2017-01-21 21:41:11, Info                  CSI    00000ec3 [SR] Beginning Verify and Repair transaction
2017-01-21 21:41:20, Info                  CSI    00000f2b [SR] Verify complete
2017-01-21 21:41:20, Info                  CSI    00000f2c [SR] Verifying 100 components
2017-01-21 21:41:20, Info                  CSI    00000f2d [SR] Beginning Verify and Repair transaction
2017-01-21 21:41:28, Info                  CSI    00000f92 [SR] Verify complete
2017-01-21 21:41:28, Info                  CSI    00000f93 [SR] Verifying 100 components
2017-01-21 21:41:28, Info                  CSI    00000f94 [SR] Beginning Verify and Repair transaction
2017-01-21 21:41:55, Info                  CSI    00001008 [SR] Verify complete
2017-01-21 21:41:55, Info                  CSI    00001009 [SR] Verifying 100 components
2017-01-21 21:41:55, Info                  CSI    0000100a [SR] Beginning Verify and Repair transaction
2017-01-21 21:42:22, Info                  CSI    0000109c [SR] Verify complete
2017-01-21 21:42:23, Info                  CSI    0000109d [SR] Verifying 100 components
2017-01-21 21:42:23, Info                  CSI    0000109e [SR] Beginning Verify and Repair transaction
2017-01-21 21:43:03, Info                  CSI    00001117 [SR] Verify complete
2017-01-21 21:43:03, Info                  CSI    00001118 [SR] Verifying 100 components
2017-01-21 21:43:03, Info                  CSI    00001119 [SR] Beginning Verify and Repair transaction
2017-01-21 21:43:30, Info                  CSI    00001189 [SR] Verify complete
2017-01-21 21:43:30, Info                  CSI    0000118a [SR] Verifying 100 components
2017-01-21 21:43:30, Info                  CSI    0000118b [SR] Beginning Verify and Repair transaction
2017-01-21 21:43:50, Info                  CSI    00001202 [SR] Verify complete
2017-01-21 21:43:50, Info                  CSI    00001203 [SR] Verifying 100 components
2017-01-21 21:43:50, Info                  CSI    00001204 [SR] Beginning Verify and Repair transaction
2017-01-21 21:44:12, Info                  CSI    00001283 [SR] Verify complete
2017-01-21 21:44:13, Info                  CSI    00001284 [SR] Verifying 100 components
2017-01-21 21:44:13, Info                  CSI    00001285 [SR] Beginning Verify and Repair transaction
2017-01-21 21:44:41, Info                  CSI    0000134d [SR] Verify complete
2017-01-21 21:44:42, Info                  CSI    0000134e [SR] Verifying 100 components
2017-01-21 21:44:42, Info                  CSI    0000134f [SR] Beginning Verify and Repair transaction
2017-01-21 21:45:52, Info                  CSI    000013ef [SR] Verify complete
2017-01-21 21:45:52, Info                  CSI    000013f0 [SR] Verifying 100 components
2017-01-21 21:45:52, Info                  CSI    000013f1 [SR] Beginning Verify and Repair transaction
2017-01-21 21:46:27, Info                  CSI    00001480 [SR] Verify complete
2017-01-21 21:46:28, Info                  CSI    00001481 [SR] Verifying 100 components
2017-01-21 21:46:28, Info                  CSI    00001482 [SR] Beginning Verify and Repair transaction
2017-01-21 21:46:44, Info                  CSI    000014f7 [SR] Verify complete
2017-01-21 21:46:44, Info                  CSI    000014f8 [SR] Verifying 100 components
2017-01-21 21:46:44, Info                  CSI    000014f9 [SR] Beginning Verify and Repair transaction
2017-01-21 21:47:20, Info                  CSI    00001575 [SR] Verify complete
2017-01-21 21:47:20, Info                  CSI    00001576 [SR] Verifying 100 components
2017-01-21 21:47:20, Info                  CSI    00001577 [SR] Beginning Verify and Repair transaction
2017-01-21 21:48:27, Info                  CSI    0000160d [SR] Verify complete
2017-01-21 21:48:28, Info                  CSI    0000160e [SR] Verifying 100 components
2017-01-21 21:48:28, Info                  CSI    0000160f [SR] Beginning Verify and Repair transaction
2017-01-21 21:49:06, Info                  CSI    000016c5 [SR] Verify complete
2017-01-21 21:49:06, Info                  CSI    000016c6 [SR] Verifying 100 components
2017-01-21 21:49:06, Info                  CSI    000016c7 [SR] Beginning Verify and Repair transaction
2017-01-21 21:49:43, Info                  CSI    00001753 [SR] Verify complete
2017-01-21 21:49:43, Info                  CSI    00001754 [SR] Verifying 100 components
2017-01-21 21:49:43, Info                  CSI    00001755 [SR] Beginning Verify and Repair transaction
2017-01-21 21:50:32, Info                  CSI    0000182f [SR] Verify complete
2017-01-21 21:50:32, Info                  CSI    00001830 [SR] Verifying 100 components
2017-01-21 21:50:32, Info                  CSI    00001831 [SR] Beginning Verify and Repair transaction
2017-01-21 21:51:05, Info                  CSI    000018a9 [SR] Verify complete
2017-01-21 21:51:05, Info                  CSI    000018aa [SR] Verifying 100 components
2017-01-21 21:51:05, Info                  CSI    000018ab [SR] Beginning Verify and Repair transaction
2017-01-21 21:51:29, Info                  CSI    0000191b [SR] Verify complete
2017-01-21 21:51:30, Info                  CSI    0000191c [SR] Verifying 100 components
2017-01-21 21:51:30, Info                  CSI    0000191d [SR] Beginning Verify and Repair transaction
2017-01-21 21:52:00, Info                  CSI    000019a6 [SR] Verify complete
2017-01-21 21:52:00, Info                  CSI    000019a7 [SR] Verifying 100 components
2017-01-21 21:52:00, Info                  CSI    000019a8 [SR] Beginning Verify and Repair transaction
2017-01-21 21:52:17, Info                  CSI    00001a24 [SR] Verify complete
2017-01-21 21:52:17, Info                  CSI    00001a25 [SR] Verifying 100 components
2017-01-21 21:52:17, Info                  CSI    00001a26 [SR] Beginning Verify and Repair transaction
2017-01-21 21:53:05, Info                  CSI    00001a99 [SR] Verify complete
2017-01-21 21:53:06, Info                  CSI    00001a9a [SR] Verifying 100 components
2017-01-21 21:53:06, Info                  CSI    00001a9b [SR] Beginning Verify and Repair transaction
2017-01-21 21:53:33, Info                  CSI    00001b03 [SR] Verify complete
2017-01-21 21:53:33, Info                  CSI    00001b04 [SR] Verifying 100 components
2017-01-21 21:53:33, Info                  CSI    00001b05 [SR] Beginning Verify and Repair transaction
2017-01-21 21:54:01, Info                  CSI    00001b7b [SR] Verify complete
2017-01-21 21:54:01, Info                  CSI    00001b7c [SR] Verifying 100 components
2017-01-21 21:54:01, Info                  CSI    00001b7d [SR] Beginning Verify and Repair transaction
2017-01-21 21:54:28, Info                  CSI    00001bf7 [SR] Verify complete
2017-01-21 21:54:28, Info                  CSI    00001bf8 [SR] Verifying 100 components
2017-01-21 21:54:28, Info                  CSI    00001bf9 [SR] Beginning Verify and Repair transaction
2017-01-21 21:55:04, Info                  CSI    00001c90 [SR] Verify complete
2017-01-21 21:55:05, Info                  CSI    00001c91 [SR] Verifying 100 components
2017-01-21 21:55:05, Info                  CSI    00001c92 [SR] Beginning Verify and Repair transaction
2017-01-21 21:55:52, Info                  CSI    00001d3d [SR] Verify complete
2017-01-21 21:55:52, Info                  CSI    00001d3e [SR] Verifying 100 components
2017-01-21 21:55:52, Info                  CSI    00001d3f [SR] Beginning Verify and Repair transaction
2017-01-21 21:56:48, Info                  CSI    00001e23 [SR] Verify complete
2017-01-21 21:56:49, Info                  CSI    00001e24 [SR] Verifying 100 components
2017-01-21 21:56:49, Info                  CSI    00001e25 [SR] Beginning Verify and Repair transaction
2017-01-21 21:57:23, Info                  CSI    00001ea5 [SR] Verify complete
2017-01-21 21:57:24, Info                  CSI    00001ea6 [SR] Verifying 100 components
2017-01-21 21:57:24, Info                  CSI    00001ea7 [SR] Beginning Verify and Repair transaction
2017-01-21 21:57:45, Info                  CSI    00001f18 [SR] Verify complete
2017-01-21 21:57:45, Info                  CSI    00001f19 [SR] Verifying 100 components
2017-01-21 21:57:45, Info                  CSI    00001f1a [SR] Beginning Verify and Repair transaction
2017-01-21 21:58:26, Info                  CSI    00001fd8 [SR] Verify complete
2017-01-21 21:58:27, Info                  CSI    00001fd9 [SR] Verifying 100 components
2017-01-21 21:58:27, Info                  CSI    00001fda [SR] Beginning Verify and Repair transaction
2017-01-21 21:58:44, Info                  CSI    00002056 [SR] Verify complete
2017-01-21 21:58:44, Info                  CSI    00002057 [SR] Verifying 100 components
2017-01-21 21:58:44, Info                  CSI    00002058 [SR] Beginning Verify and Repair transaction
2017-01-21 21:58:54, Info                  CSI    000020bd [SR] Verify complete
2017-01-21 21:58:55, Info                  CSI    000020be [SR] Verifying 100 components
2017-01-21 21:58:55, Info                  CSI    000020bf [SR] Beginning Verify and Repair transaction
2017-01-21 21:59:16, Info                  CSI    00002136 [SR] Verify complete
2017-01-21 21:59:17, Info                  CSI    00002137 [SR] Verifying 100 components
2017-01-21 21:59:17, Info                  CSI    00002138 [SR] Beginning Verify and Repair transaction
2017-01-21 21:59:39, Info                  CSI    000021ab [SR] Verify complete
2017-01-21 21:59:39, Info                  CSI    000021ac [SR] Verifying 100 components
2017-01-21 21:59:39, Info                  CSI    000021ad [SR] Beginning Verify and Repair transaction
2017-01-21 22:00:15, Info                  CSI    00002234 [SR] Verify complete
2017-01-21 22:00:16, Info                  CSI    00002235 [SR] Verifying 100 components
2017-01-21 22:00:16, Info                  CSI    00002236 [SR] Beginning Verify and Repair transaction
2017-01-21 22:01:17, Info                  CSI    000022cf [SR] Verify complete
2017-01-21 22:01:17, Info                  CSI    000022d0 [SR] Verifying 100 components
2017-01-21 22:01:17, Info                  CSI    000022d1 [SR] Beginning Verify and Repair transaction
2017-01-21 22:01:34, Info                  CSI    00002345 [SR] Verify complete
2017-01-21 22:01:35, Info                  CSI    00002346 [SR] Verifying 100 components
2017-01-21 22:01:35, Info                  CSI    00002347 [SR] Beginning Verify and Repair transaction
2017-01-21 22:01:55, Info                  CSI    000023ef [SR] Verify complete
2017-01-21 22:01:55, Info                  CSI    000023f0 [SR] Verifying 100 components
2017-01-21 22:01:55, Info                  CSI    000023f1 [SR] Beginning Verify and Repair transaction
2017-01-21 22:02:19, Info                  CSI    00002478 [SR] Verify complete
2017-01-21 22:02:19, Info                  CSI    00002479 [SR] Verifying 100 components
2017-01-21 22:02:19, Info                  CSI    0000247a [SR] Beginning Verify and Repair transaction
2017-01-21 22:02:45, Info                  CSI    000024ff [SR] Verify complete
2017-01-21 22:02:45, Info                  CSI    00002500 [SR] Verifying 100 components
2017-01-21 22:02:45, Info                  CSI    00002501 [SR] Beginning Verify and Repair transaction
2017-01-21 22:03:11, Info                  CSI    00002593 [SR] Verify complete
2017-01-21 22:03:11, Info                  CSI    00002594 [SR] Verifying 100 components
2017-01-21 22:03:11, Info                  CSI    00002595 [SR] Beginning Verify and Repair transaction
2017-01-21 22:03:20, Info                  CSI    000025fb [SR] Verify complete
2017-01-21 22:03:21, Info                  CSI    000025fc [SR] Verifying 100 components
2017-01-21 22:03:21, Info                  CSI    000025fd [SR] Beginning Verify and Repair transaction
2017-01-21 22:03:45, Info                  CSI    00002672 [SR] Verify complete
2017-01-21 22:03:45, Info                  CSI    00002673 [SR] Verifying 100 components
2017-01-21 22:03:45, Info                  CSI    00002674 [SR] Beginning Verify and Repair transaction
2017-01-21 22:04:41, Info                  CSI    00002727 [SR] Verify complete
2017-01-21 22:04:42, Info                  CSI    00002728 [SR] Verifying 100 components
2017-01-21 22:04:42, Info                  CSI    00002729 [SR] Beginning Verify and Repair transaction
2017-01-21 22:05:02, Info                  CSI    000027c3 [SR] Verify complete
2017-01-21 22:05:02, Info                  CSI    000027c4 [SR] Verifying 100 components
2017-01-21 22:05:02, Info                  CSI    000027c5 [SR] Beginning Verify and Repair transaction
2017-01-21 22:05:29, Info                  CSI    0000283e [SR] Verify complete
2017-01-21 22:05:29, Info                  CSI    0000283f [SR] Verifying 100 components
2017-01-21 22:05:29, Info                  CSI    00002840 [SR] Beginning Verify and Repair transaction
2017-01-21 22:05:44, Info                  CSI    000028a8 [SR] Verify complete
2017-01-21 22:05:44, Info                  CSI    000028a9 [SR] Verifying 100 components
2017-01-21 22:05:44, Info                  CSI    000028aa [SR] Beginning Verify and Repair transaction
2017-01-21 22:06:06, Info                  CSI    00002926 [SR] Verify complete
2017-01-21 22:06:06, Info                  CSI    00002927 [SR] Verifying 100 components
2017-01-21 22:06:06, Info                  CSI    00002928 [SR] Beginning Verify and Repair transaction
2017-01-21 22:06:37, Info                  CSI    000029d0 [SR] Verify complete
2017-01-21 22:06:37, Info                  CSI    000029d1 [SR] Verifying 100 components
2017-01-21 22:06:37, Info                  CSI    000029d2 [SR] Beginning Verify and Repair transaction
2017-01-21 22:06:51, Info                  CSI    00002a37 [SR] Verify complete
2017-01-21 22:06:51, Info                  CSI    00002a38 [SR] Verifying 100 components
2017-01-21 22:06:51, Info                  CSI    00002a39 [SR] Beginning Verify and Repair transaction
2017-01-21 22:07:09, Info                  CSI    00002aac [SR] Verify complete
2017-01-21 22:07:10, Info                  CSI    00002aad [SR] Verifying 100 components
2017-01-21 22:07:10, Info                  CSI    00002aae [SR] Beginning Verify and Repair transaction
2017-01-21 22:07:30, Info                  CSI    00002b35 [SR] Verify complete
2017-01-21 22:07:31, Info                  CSI    00002b36 [SR] Verifying 100 components
2017-01-21 22:07:31, Info                  CSI    00002b37 [SR] Beginning Verify and Repair transaction
2017-01-21 22:07:45, Info                  CSI    00002baf [SR] Verify complete
2017-01-21 22:07:46, Info                  CSI    00002bb0 [SR] Verifying 100 components
2017-01-21 22:07:46, Info                  CSI    00002bb1 [SR] Beginning Verify and Repair transaction
2017-01-21 22:08:02, Info                  CSI    00002c1e [SR] Verify complete
2017-01-21 22:08:03, Info                  CSI    00002c1f [SR] Verifying 100 components
2017-01-21 22:08:03, Info                  CSI    00002c20 [SR] Beginning Verify and Repair transaction
2017-01-21 22:08:33, Info                  CSI    00002cb0 [SR] Verify complete
2017-01-21 22:08:34, Info                  CSI    00002cb1 [SR] Verifying 100 components
2017-01-21 22:08:34, Info                  CSI    00002cb2 [SR] Beginning Verify and Repair transaction
2017-01-21 22:09:02, Info                  CSI    00002d9c [SR] Verify complete
2017-01-21 22:09:02, Info                  CSI    00002d9d [SR] Verifying 100 components
2017-01-21 22:09:02, Info                  CSI    00002d9e [SR] Beginning Verify and Repair transaction
2017-01-21 22:09:19, Info                  CSI    00002e14 [SR] Verify complete
2017-01-21 22:09:19, Info                  CSI    00002e15 [SR] Verifying 100 components
2017-01-21 22:09:19, Info                  CSI    00002e16 [SR] Beginning Verify and Repair transaction
2017-01-21 22:09:30, Info                  CSI    00002e7b [SR] Verify complete
2017-01-21 22:09:30, Info                  CSI    00002e7c [SR] Verifying 100 components
2017-01-21 22:09:30, Info                  CSI    00002e7d [SR] Beginning Verify and Repair transaction
2017-01-21 22:09:43, Info                  CSI    00002eec [SR] Verify complete
2017-01-21 22:09:43, Info                  CSI    00002eed [SR] Verifying 100 components
2017-01-21 22:09:43, Info                  CSI    00002eee [SR] Beginning Verify and Repair transaction
2017-01-21 22:09:59, Info                  CSI    00002f66 [SR] Verify complete
2017-01-21 22:09:59, Info                  CSI    00002f67 [SR] Verifying 100 components
2017-01-21 22:09:59, Info                  CSI    00002f68 [SR] Beginning Verify and Repair transaction
2017-01-21 22:10:18, Info                  CSI    00002fd6 [SR] Verify complete
2017-01-21 22:10:19, Info                  CSI    00002fd7 [SR] Verifying 100 components
2017-01-21 22:10:19, Info                  CSI    00002fd8 [SR] Beginning Verify and Repair transaction
2017-01-21 22:10:34, Info                  CSI    0000304f [SR] Verify complete
2017-01-21 22:10:34, Info                  CSI    00003050 [SR] Verifying 100 components
2017-01-21 22:10:34, Info                  CSI    00003051 [SR] Beginning Verify and Repair transaction
2017-01-21 22:10:42, Info                  CSI    000030b6 [SR] Verify complete
2017-01-21 22:10:42, Info                  CSI    000030b7 [SR] Verifying 100 components
2017-01-21 22:10:42, Info                  CSI    000030b8 [SR] Beginning Verify and Repair transaction
2017-01-21 22:11:06, Info                  CSI    0000313a [SR] Verify complete
2017-01-21 22:11:07, Info                  CSI    0000313b [SR] Verifying 100 components
2017-01-21 22:11:07, Info                  CSI    0000313c [SR] Beginning Verify and Repair transaction
2017-01-21 22:11:26, Info                  CSI    000031bb [SR] Verify complete
2017-01-21 22:11:26, Info                  CSI    000031bc [SR] Verifying 100 components
2017-01-21 22:11:26, Info                  CSI    000031bd [SR] Beginning Verify and Repair transaction
2017-01-21 22:11:44, Info                  CSI    0000322d [SR] Verify complete
2017-01-21 22:11:44, Info                  CSI    0000322e [SR] Verifying 100 components
2017-01-21 22:11:44, Info                  CSI    0000322f [SR] Beginning Verify and Repair transaction
2017-01-21 22:12:19, Info                  CSI    000032dd [SR] Verify complete
2017-01-21 22:12:20, Info                  CSI    000032de [SR] Verifying 100 components
2017-01-21 22:12:20, Info                  CSI    000032df [SR] Beginning Verify and Repair transaction
2017-01-21 22:12:53, Info                  CSI    0000336b [SR] Verify complete
2017-01-21 22:12:53, Info                  CSI    0000336c [SR] Verifying 100 components
2017-01-21 22:12:53, Info                  CSI    0000336d [SR] Beginning Verify and Repair transaction
2017-01-21 22:13:33, Info                  CSI    000033e0 [SR] Verify complete
2017-01-21 22:13:34, Info                  CSI    000033e1 [SR] Verifying 100 components
2017-01-21 22:13:34, Info                  CSI    000033e2 [SR] Beginning Verify and Repair transaction
2017-01-21 22:13:52, Info                  CSI    00003462 [SR] Verify complete
2017-01-21 22:13:52, Info                  CSI    00003463 [SR] Verifying 100 components
2017-01-21 22:13:52, Info                  CSI    00003464 [SR] Beginning Verify and Repair transaction
2017-01-21 22:14:07, Info                  CSI    000034d3 [SR] Verify complete
2017-01-21 22:14:08, Info                  CSI    000034d4 [SR] Verifying 100 components
2017-01-21 22:14:08, Info                  CSI    000034d5 [SR] Beginning Verify and Repair transaction
2017-01-21 22:14:34, Info                  CSI    00003550 [SR] Verify complete
2017-01-21 22:14:34, Info                  CSI    00003551 [SR] Verifying 100 components
2017-01-21 22:14:34, Info                  CSI    00003552 [SR] Beginning Verify and Repair transaction
2017-01-21 22:14:49, Info                  CSI    000035c6 [SR] Verify complete
2017-01-21 22:14:49, Info                  CSI    000035c7 [SR] Verifying 100 components
2017-01-21 22:14:49, Info                  CSI    000035c8 [SR] Beginning Verify and Repair transaction
2017-01-21 22:15:06, Info                  CSI    0000363b [SR] Verify complete
2017-01-21 22:15:06, Info                  CSI    0000363c [SR] Verifying 100 components
2017-01-21 22:15:06, Info                  CSI    0000363d [SR] Beginning Verify and Repair transaction
2017-01-21 22:15:28, Info                  CSI    000036b5 [SR] Verify complete
2017-01-21 22:15:28, Info                  CSI    000036b6 [SR] Verifying 100 components
2017-01-21 22:15:28, Info                  CSI    000036b7 [SR] Beginning Verify and Repair transaction
2017-01-21 22:15:45, Info                  CSI    00003737 [SR] Verify complete
2017-01-21 22:15:45, Info                  CSI    00003738 [SR] Verifying 100 components
2017-01-21 22:15:45, Info                  CSI    00003739 [SR] Beginning Verify and Repair transaction
2017-01-21 22:16:00, Info                  CSI    000037af [SR] Verify complete
2017-01-21 22:16:00, Info                  CSI    000037b0 [SR] Verifying 100 components
2017-01-21 22:16:00, Info                  CSI    000037b1 [SR] Beginning Verify and Repair transaction
2017-01-21 22:16:11, Info                  CSI    0000381c [SR] Verify complete
2017-01-21 22:16:11, Info                  CSI    0000381d [SR] Verifying 100 components
2017-01-21 22:16:11, Info                  CSI    0000381e [SR] Beginning Verify and Repair transaction
2017-01-21 22:16:27, Info                  CSI    000038a0 [SR] Verify complete
2017-01-21 22:16:27, Info                  CSI    000038a1 [SR] Verifying 100 components
2017-01-21 22:16:27, Info                  CSI    000038a2 [SR] Beginning Verify and Repair transaction
2017-01-21 22:16:43, Info                  CSI    0000390a [SR] Verify complete
2017-01-21 22:16:44, Info                  CSI    0000390b [SR] Verifying 100 components
2017-01-21 22:16:44, Info                  CSI    0000390c [SR] Beginning Verify and Repair transaction
2017-01-21 22:17:08, Info                  CSI    00003977 [SR] Verify complete
2017-01-21 22:17:08, Info                  CSI    00003978 [SR] Verifying 100 components
2017-01-21 22:17:08, Info                  CSI    00003979 [SR] Beginning Verify and Repair transaction
2017-01-21 22:17:28, Info                  CSI    000039ec [SR] Verify complete
2017-01-21 22:17:29, Info                  CSI    000039ed [SR] Verifying 100 components
2017-01-21 22:17:29, Info                  CSI    000039ee [SR] Beginning Verify and Repair transaction
2017-01-21 22:17:54, Info                  CSI    00003ab8 [SR] Verify complete
2017-01-21 22:17:55, Info                  CSI    00003ab9 [SR] Verifying 100 components
2017-01-21 22:17:55, Info                  CSI    00003aba [SR] Beginning Verify and Repair transaction
2017-01-21 22:18:17, Info                  CSI    00003b87 [SR] Verify complete
2017-01-21 22:18:17, Info                  CSI    00003b88 [SR] Verifying 100 components
2017-01-21 22:18:17, Info                  CSI    00003b89 [SR] Beginning Verify and Repair transaction
2017-01-21 22:18:38, Info                  CSI    00003c16 [SR] Verify complete
2017-01-21 22:18:38, Info                  CSI    00003c17 [SR] Verifying 100 components
2017-01-21 22:18:38, Info                  CSI    00003c18 [SR] Beginning Verify and Repair transaction
2017-01-21 22:18:49, Info                  CSI    00003c7f [SR] Verify complete
2017-01-21 22:18:49, Info                  CSI    00003c80 [SR] Verifying 100 components
2017-01-21 22:18:49, Info                  CSI    00003c81 [SR] Beginning Verify and Repair transaction
2017-01-21 22:19:02, Info                  CSI    00003ce8 [SR] Verify complete
2017-01-21 22:19:02, Info                  CSI    00003ce9 [SR] Verifying 100 components
2017-01-21 22:19:02, Info                  CSI    00003cea [SR] Beginning Verify and Repair transaction
2017-01-21 22:19:19, Info                  CSI    00003d50 [SR] Verify complete
2017-01-21 22:19:19, Info                  CSI    00003d51 [SR] Verifying 100 components
2017-01-21 22:19:19, Info                  CSI    00003d52 [SR] Beginning Verify and Repair transaction
2017-01-21 22:19:36, Info                  CSI    00003dbc [SR] Verify complete
2017-01-21 22:19:36, Info                  CSI    00003dbd [SR] Verifying 100 components
2017-01-21 22:19:36, Info                  CSI    00003dbe [SR] Beginning Verify and Repair transaction
2017-01-21 22:19:52, Info                  CSI    00003e26 [SR] Verify complete
2017-01-21 22:19:52, Info                  CSI    00003e27 [SR] Verifying 100 components
2017-01-21 22:19:52, Info                  CSI    00003e28 [SR] Beginning Verify and Repair transaction
2017-01-21 22:20:05, Info                  CSI    00003e90 [SR] Verify complete
2017-01-21 22:20:06, Info                  CSI    00003e91 [SR] Verifying 100 components
2017-01-21 22:20:06, Info                  CSI    00003e92 [SR] Beginning Verify and Repair transaction
2017-01-21 22:20:19, Info                  CSI    00003ef9 [SR] Verify complete
2017-01-21 22:20:19, Info                  CSI    00003efa [SR] Verifying 100 components
2017-01-21 22:20:19, Info                  CSI    00003efb [SR] Beginning Verify and Repair transaction
2017-01-21 22:20:31, Info                  CSI    00003f63 [SR] Verify complete
2017-01-21 22:20:31, Info                  CSI    00003f64 [SR] Verifying 100 components
2017-01-21 22:20:31, Info                  CSI    00003f65 [SR] Beginning Verify and Repair transaction
2017-01-21 22:20:41, Info                  CSI    00003fcb [SR] Verify complete
2017-01-21 22:20:41, Info                  CSI    00003fcc [SR] Verifying 100 components
2017-01-21 22:20:41, Info                  CSI    00003fcd [SR] Beginning Verify and Repair transaction
2017-01-21 22:20:56, Info                  CSI    00004036 [SR] Verify complete
2017-01-21 22:20:56, Info                  CSI    00004037 [SR] Verifying 100 components
2017-01-21 22:20:56, Info                  CSI    00004038 [SR] Beginning Verify and Repair transaction
2017-01-21 22:21:11, Info                  CSI    000040cd [SR] Verify complete
2017-01-21 22:21:12, Info                  CSI    000040ce [SR] Verifying 100 components
2017-01-21 22:21:12, Info                  CSI    000040cf [SR] Beginning Verify and Repair transaction
2017-01-21 22:21:22, Info                  CSI    00004134 [SR] Verify complete
2017-01-21 22:21:22, Info                  CSI    00004135 [SR] Verifying 100 components
2017-01-21 22:21:22, Info                  CSI    00004136 [SR] Beginning Verify and Repair transaction
2017-01-21 22:21:38, Info                  CSI    000041a6 [SR] Verify complete
2017-01-21 22:21:39, Info                  CSI    000041a7 [SR] Verifying 100 components
2017-01-21 22:21:39, Info                  CSI    000041a8 [SR] Beginning Verify and Repair transaction
2017-01-21 22:22:03, Info                  CSI    0000420f [SR] Verify complete
2017-01-21 22:22:04, Info                  CSI    00004210 [SR] Verifying 100 components
2017-01-21 22:22:04, Info                  CSI    00004211 [SR] Beginning Verify and Repair transaction
2017-01-21 22:22:47, Info                  CSI    00004277 [SR] Verify complete
2017-01-21 22:22:47, Info                  CSI    00004278 [SR] Verifying 100 components
2017-01-21 22:22:47, Info                  CSI    00004279 [SR] Beginning Verify and Repair transaction
2017-01-21 22:23:00, Info                  CSI    000042e4 [SR] Verify complete
2017-01-21 22:23:00, Info                  CSI    000042e5 [SR] Verifying 100 components
2017-01-21 22:23:00, Info                  CSI    000042e6 [SR] Beginning Verify and Repair transaction
2017-01-21 22:23:09, Info                  CSI    

#24 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 21 January 2017 - 04:52 PM

2017-01-21 22:23:09, Info                  CSI    0000434b [SR] Verify complete

2017-01-21 22:23:09, Info                  CSI    0000434c [SR] Verifying 100 components
2017-01-21 22:23:09, Info                  CSI    0000434d [SR] Beginning Verify and Repair transaction
2017-01-21 22:23:24, Info                  CSI    000043b4 [SR] Verify complete
2017-01-21 22:23:24, Info                  CSI    000043b5 [SR] Verifying 100 components
2017-01-21 22:23:24, Info                  CSI    000043b6 [SR] Beginning Verify and Repair transaction
2017-01-21 22:23:51, Info                  CSI    00004428 [SR] Verify complete
2017-01-21 22:23:51, Info                  CSI    00004429 [SR] Verifying 100 components
2017-01-21 22:23:51, Info                  CSI    0000442a [SR] Beginning Verify and Repair transaction
2017-01-21 22:24:08, Info                  CSI    0000449e [SR] Verify complete
2017-01-21 22:24:08, Info                  CSI    0000449f [SR] Verifying 100 components
2017-01-21 22:24:08, Info                  CSI    000044a0 [SR] Beginning Verify and Repair transaction
2017-01-21 22:24:20, Info                  CSI    00004507 [SR] Verify complete
2017-01-21 22:24:20, Info                  CSI    00004508 [SR] Verifying 100 components
2017-01-21 22:24:20, Info                  CSI    00004509 [SR] Beginning Verify and Repair transaction
2017-01-21 22:24:36, Info                  CSI    00004571 [SR] Verify complete
2017-01-21 22:24:36, Info                  CSI    00004572 [SR] Verifying 100 components
2017-01-21 22:24:36, Info                  CSI    00004573 [SR] Beginning Verify and Repair transaction
2017-01-21 22:24:52, Info                  CSI    000045ec [SR] Verify complete
2017-01-21 22:24:52, Info                  CSI    000045ed [SR] Verifying 100 components
2017-01-21 22:24:52, Info                  CSI    000045ee [SR] Beginning Verify and Repair transaction
2017-01-21 22:25:06, Info                  CSI    0000465c [SR] Verify complete
2017-01-21 22:25:06, Info                  CSI    0000465d [SR] Verifying 100 components
2017-01-21 22:25:06, Info                  CSI    0000465e [SR] Beginning Verify and Repair transaction
2017-01-21 22:25:18, Info                  CSI    000046c7 [SR] Verify complete
2017-01-21 22:25:18, Info                  CSI    000046c8 [SR] Verifying 100 components
2017-01-21 22:25:18, Info                  CSI    000046c9 [SR] Beginning Verify and Repair transaction
2017-01-21 22:25:28, Info                  CSI    0000472e [SR] Verify complete
2017-01-21 22:25:29, Info                  CSI    0000472f [SR] Verifying 100 components
2017-01-21 22:25:29, Info                  CSI    00004730 [SR] Beginning Verify and Repair transaction
2017-01-21 22:25:42, Info                  CSI    00004798 [SR] Verify complete
2017-01-21 22:25:43, Info                  CSI    00004799 [SR] Verifying 100 components
2017-01-21 22:25:43, Info                  CSI    0000479a [SR] Beginning Verify and Repair transaction
2017-01-21 22:25:58, Info                  CSI    00004807 [SR] Verify complete
2017-01-21 22:25:59, Info                  CSI    00004808 [SR] Verifying 100 components
2017-01-21 22:25:59, Info                  CSI    00004809 [SR] Beginning Verify and Repair transaction
2017-01-21 22:26:17, Info                  CSI    0000488c [SR] Verify complete
2017-01-21 22:26:17, Info                  CSI    0000488d [SR] Verifying 100 components
2017-01-21 22:26:17, Info                  CSI    0000488e [SR] Beginning Verify and Repair transaction
2017-01-21 22:26:33, Info                  CSI    00004902 [SR] Verify complete
2017-01-21 22:26:34, Info                  CSI    00004903 [SR] Verifying 100 components
2017-01-21 22:26:34, Info                  CSI    00004904 [SR] Beginning Verify and Repair transaction
2017-01-21 22:26:53, Info                  CSI    0000497e [SR] Verify complete
2017-01-21 22:26:53, Info                  CSI    0000497f [SR] Verifying 100 components
2017-01-21 22:26:53, Info                  CSI    00004980 [SR] Beginning Verify and Repair transaction
2017-01-21 22:27:16, Info                  CSI    00004a07 [SR] Verify complete
2017-01-21 22:27:16, Info                  CSI    00004a08 [SR] Verifying 100 components
2017-01-21 22:27:16, Info                  CSI    00004a09 [SR] Beginning Verify and Repair transaction
2017-01-21 22:27:47, Info                  CSI    00004a7a [SR] Verify complete
2017-01-21 22:27:47, Info                  CSI    00004a7b [SR] Verifying 100 components
2017-01-21 22:27:47, Info                  CSI    00004a7c [SR] Beginning Verify and Repair transaction
2017-01-21 22:28:27, Info                  CSI    00004b0e [SR] Verify complete
2017-01-21 22:28:27, Info                  CSI    00004b0f [SR] Verifying 100 components
2017-01-21 22:28:27, Info                  CSI    00004b10 [SR] Beginning Verify and Repair transaction
2017-01-21 22:28:51, Info                  CSI    00004bb6 [SR] Verify complete
2017-01-21 22:28:51, Info                  CSI    00004bb7 [SR] Verifying 100 components
2017-01-21 22:28:51, Info                  CSI    00004bb8 [SR] Beginning Verify and Repair transaction
2017-01-21 22:29:00, Info                  CSI    00004c1d [SR] Verify complete
2017-01-21 22:29:00, Info                  CSI    00004c1e [SR] Verifying 100 components
2017-01-21 22:29:00, Info                  CSI    00004c1f [SR] Beginning Verify and Repair transaction
2017-01-21 22:29:13, Info                  CSI    00004c8b [SR] Verify complete
2017-01-21 22:29:13, Info                  CSI    00004c8c [SR] Verifying 100 components
2017-01-21 22:29:13, Info                  CSI    00004c8d [SR] Beginning Verify and Repair transaction
2017-01-21 22:29:42, Info                  CSI    00004d1e [SR] Verify complete
2017-01-21 22:29:43, Info                  CSI    00004d1f [SR] Verifying 100 components
2017-01-21 22:29:43, Info                  CSI    00004d20 [SR] Beginning Verify and Repair transaction
2017-01-21 22:30:06, Info                  CSI    00004dd9 [SR] Verify complete
2017-01-21 22:30:06, Info                  CSI    00004dda [SR] Verifying 100 components
2017-01-21 22:30:06, Info                  CSI    00004ddb [SR] Beginning Verify and Repair transaction
2017-01-21 22:30:41, Info                  CSI    00004e5d [SR] Verify complete
2017-01-21 22:30:42, Info                  CSI    00004e5e [SR] Verifying 100 components
2017-01-21 22:30:42, Info                  CSI    00004e5f [SR] Beginning Verify and Repair transaction
2017-01-21 22:31:16, Info                  CSI    00004f29 [SR] Verify complete
2017-01-21 22:31:16, Info                  CSI    00004f2a [SR] Verifying 100 components
2017-01-21 22:31:16, Info                  CSI    00004f2b [SR] Beginning Verify and Repair transaction
2017-01-21 22:31:49, Info                  CSI    00004fbc [SR] Verify complete
2017-01-21 22:31:50, Info                  CSI    00004fbd [SR] Verifying 100 components
2017-01-21 22:31:50, Info                  CSI    00004fbe [SR] Beginning Verify and Repair transaction
2017-01-21 22:32:07, Info                  CSI    00005037 [SR] Verify complete
2017-01-21 22:32:07, Info                  CSI    00005038 [SR] Verifying 100 components
2017-01-21 22:32:07, Info                  CSI    00005039 [SR] Beginning Verify and Repair transaction
2017-01-21 22:32:28, Info                  CSI    000050bf [SR] Verify complete
2017-01-21 22:32:28, Info                  CSI    000050c0 [SR] Verifying 100 components
2017-01-21 22:32:28, Info                  CSI    000050c1 [SR] Beginning Verify and Repair transaction
2017-01-21 22:32:45, Info                  CSI    00005137 [SR] Verify complete
2017-01-21 22:32:45, Info                  CSI    00005138 [SR] Verifying 100 components
2017-01-21 22:32:45, Info                  CSI    00005139 [SR] Beginning Verify and Repair transaction
2017-01-21 22:33:09, Info                  CSI    000051bc [SR] Verify complete
2017-01-21 22:33:09, Info                  CSI    000051bd [SR] Verifying 100 components
2017-01-21 22:33:09, Info                  CSI    000051be [SR] Beginning Verify and Repair transaction
2017-01-21 22:33:28, Info                  CSI    00005249 [SR] Verify complete
2017-01-21 22:33:29, Info                  CSI    0000524a [SR] Verifying 100 components
2017-01-21 22:33:29, Info                  CSI    0000524b [SR] Beginning Verify and Repair transaction
2017-01-21 22:33:48, Info                  CSI    000052ca [SR] Verify complete
2017-01-21 22:33:49, Info                  CSI    000052cb [SR] Verifying 100 components
2017-01-21 22:33:49, Info                  CSI    000052cc [SR] Beginning Verify and Repair transaction
2017-01-21 22:34:05, Info                  CSI    0000534e [SR] Verify complete
2017-01-21 22:34:06, Info                  CSI    0000534f [SR] Verifying 100 components
2017-01-21 22:34:06, Info                  CSI    00005350 [SR] Beginning Verify and Repair transaction
2017-01-21 22:34:25, Info                  CSI    000053bf [SR] Verify complete
2017-01-21 22:34:25, Info                  CSI    000053c0 [SR] Verifying 100 components
2017-01-21 22:34:25, Info                  CSI    000053c1 [SR] Beginning Verify and Repair transaction
2017-01-21 22:34:59, Info                  CSI    0000552b [SR] Verify complete
2017-01-21 22:34:59, Info                  CSI    0000552c [SR] Verifying 100 components
2017-01-21 22:34:59, Info                  CSI    0000552d [SR] Beginning Verify and Repair transaction
2017-01-21 22:35:17, Info                  CSI    0000559e [SR] Verify complete
2017-01-21 22:35:17, Info                  CSI    0000559f [SR] Verifying 100 components
2017-01-21 22:35:17, Info                  CSI    000055a0 [SR] Beginning Verify and Repair transaction
2017-01-21 22:35:30, Info                  CSI    00005606 [SR] Verify complete
2017-01-21 22:35:31, Info                  CSI    00005607 [SR] Verifying 100 components
2017-01-21 22:35:31, Info                  CSI    00005608 [SR] Beginning Verify and Repair transaction
2017-01-21 22:35:46, Info                  CSI    00005672 [SR] Verify complete
2017-01-21 22:35:47, Info                  CSI    00005673 [SR] Verifying 100 components
2017-01-21 22:35:47, Info                  CSI    00005674 [SR] Beginning Verify and Repair transaction
2017-01-21 22:36:06, Info                  CSI    00005727 [SR] Verify complete
2017-01-21 22:36:06, Info                  CSI    00005728 [SR] Verifying 100 components
2017-01-21 22:36:06, Info                  CSI    00005729 [SR] Beginning Verify and Repair transaction
2017-01-21 22:36:25, Info                  CSI    00005803 [SR] Verify complete
2017-01-21 22:36:25, Info                  CSI    00005804 [SR] Verifying 100 components
2017-01-21 22:36:25, Info                  CSI    00005805 [SR] Beginning Verify and Repair transaction
2017-01-21 22:36:41, Info                  CSI    0000587d [SR] Verify complete
2017-01-21 22:36:41, Info                  CSI    0000587e [SR] Verifying 100 components
2017-01-21 22:36:41, Info                  CSI    0000587f [SR] Beginning Verify and Repair transaction
2017-01-21 22:36:55, Info                  CSI    000058ea [SR] Verify complete
2017-01-21 22:36:56, Info                  CSI    000058eb [SR] Verifying 100 components
2017-01-21 22:36:56, Info                  CSI    000058ec [SR] Beginning Verify and Repair transaction
2017-01-21 22:37:14, Info                  CSI    00005989 [SR] Verify complete
2017-01-21 22:37:14, Info                  CSI    0000598a [SR] Verifying 100 components
2017-01-21 22:37:14, Info                  CSI    0000598b [SR] Beginning Verify and Repair transaction
2017-01-21 22:37:36, Info                  CSI    00005a4f [SR] Verify complete
2017-01-21 22:37:36, Info                  CSI    00005a50 [SR] Verifying 100 components
2017-01-21 22:37:36, Info                  CSI    00005a51 [SR] Beginning Verify and Repair transaction
2017-01-21 22:37:57, Info                  CSI    00005b0b [SR] Verify complete
2017-01-21 22:37:58, Info                  CSI    00005b0c [SR] Verifying 100 components
2017-01-21 22:37:58, Info                  CSI    00005b0d [SR] Beginning Verify and Repair transaction
2017-01-21 22:38:16, Info                  CSI    00005b8b [SR] Verify complete
2017-01-21 22:38:16, Info                  CSI    00005b8c [SR] Verifying 100 components
2017-01-21 22:38:16, Info                  CSI    00005b8d [SR] Beginning Verify and Repair transaction
2017-01-21 22:38:29, Info                  CSI    00005bfc [SR] Verify complete
2017-01-21 22:38:30, Info                  CSI    00005bfd [SR] Verifying 100 components
2017-01-21 22:38:30, Info                  CSI    00005bfe [SR] Beginning Verify and Repair transaction
2017-01-21 22:38:46, Info                  CSI    00005c6a [SR] Verify complete
2017-01-21 22:38:46, Info                  CSI    00005c6b [SR] Verifying 100 components
2017-01-21 22:38:46, Info                  CSI    00005c6c [SR] Beginning Verify and Repair transaction
2017-01-21 22:39:01, Info                  CSI    00005cdc [SR] Verify complete
2017-01-21 22:39:01, Info                  CSI    00005cdd [SR] Verifying 100 components
2017-01-21 22:39:01, Info                  CSI    00005cde [SR] Beginning Verify and Repair transaction
2017-01-21 22:39:17, Info                  CSI    00005d76 [SR] Verify complete
2017-01-21 22:39:17, Info                  CSI    00005d77 [SR] Verifying 100 components
2017-01-21 22:39:17, Info                  CSI    00005d78 [SR] Beginning Verify and Repair transaction
2017-01-21 22:39:30, Info                  CSI    00005de4 [SR] Verify complete
2017-01-21 22:39:30, Info                  CSI    00005de5 [SR] Verifying 100 components
2017-01-21 22:39:30, Info                  CSI    00005de6 [SR] Beginning Verify and Repair transaction
2017-01-21 22:39:44, Info                  CSI    00005e54 [SR] Verify complete
2017-01-21 22:39:44, Info                  CSI    00005e55 [SR] Verifying 100 components
2017-01-21 22:39:44, Info                  CSI    00005e56 [SR] Beginning Verify and Repair transaction
2017-01-21 22:39:57, Info                  CSI    00005ec2 [SR] Verify complete
2017-01-21 22:39:58, Info                  CSI    00005ec3 [SR] Verifying 100 components
2017-01-21 22:39:58, Info                  CSI    00005ec4 [SR] Beginning Verify and Repair transaction
2017-01-21 22:40:12, Info                  CSI    00005f3c [SR] Verify complete
2017-01-21 22:40:13, Info                  CSI    00005f3d [SR] Verifying 100 components
2017-01-21 22:40:13, Info                  CSI    00005f3e [SR] Beginning Verify and Repair transaction
2017-01-21 22:40:27, Info                  CSI    00005faa [SR] Verify complete
2017-01-21 22:40:28, Info                  CSI    00005fab [SR] Verifying 100 components
2017-01-21 22:40:28, Info                  CSI    00005fac [SR] Beginning Verify and Repair transaction
2017-01-21 22:40:38, Info                  CSI    00006018 [SR] Verify complete
2017-01-21 22:40:39, Info                  CSI    00006019 [SR] Verifying 100 components
2017-01-21 22:40:39, Info                  CSI    0000601a [SR] Beginning Verify and Repair transaction
2017-01-21 22:40:51, Info                  CSI    00006084 [SR] Verify complete
2017-01-21 22:40:51, Info                  CSI    00006085 [SR] Verifying 100 components
2017-01-21 22:40:51, Info                  CSI    00006086 [SR] Beginning Verify and Repair transaction
2017-01-21 22:41:11, Info                  CSI    00006112 [SR] Verify complete
2017-01-21 22:41:12, Info                  CSI    00006113 [SR] Verifying 100 components
2017-01-21 22:41:12, Info                  CSI    00006114 [SR] Beginning Verify and Repair transaction
2017-01-21 22:41:25, Info                  CSI    0000617d [SR] Verify complete
2017-01-21 22:41:26, Info                  CSI    0000617e [SR] Verifying 100 components
2017-01-21 22:41:26, Info                  CSI    0000617f [SR] Beginning Verify and Repair transaction
2017-01-21 22:41:42, Info                  CSI    000061e8 [SR] Verify complete
2017-01-21 22:41:42, Info                  CSI    000061e9 [SR] Verifying 100 components
2017-01-21 22:41:42, Info                  CSI    000061ea [SR] Beginning Verify and Repair transaction
2017-01-21 22:41:57, Info                  CSI    00006252 [SR] Verify complete
2017-01-21 22:41:57, Info                  CSI    00006253 [SR] Verifying 100 components
2017-01-21 22:41:57, Info                  CSI    00006254 [SR] Beginning Verify and Repair transaction
2017-01-21 22:42:11, Info                  CSI    000062bb [SR] Verify complete
2017-01-21 22:42:12, Info                  CSI    000062bc [SR] Verifying 100 components
2017-01-21 22:42:12, Info                  CSI    000062bd [SR] Beginning Verify and Repair transaction
2017-01-21 22:42:22, Info                  CSI    00006323 [SR] Verify complete
2017-01-21 22:42:22, Info                  CSI    00006324 [SR] Verifying 100 components
2017-01-21 22:42:22, Info                  CSI    00006325 [SR] Beginning Verify and Repair transaction
2017-01-21 22:42:35, Info                  CSI    0000638e [SR] Verify complete
2017-01-21 22:42:35, Info                  CSI    0000638f [SR] Verifying 100 components
2017-01-21 22:42:35, Info                  CSI    00006390 [SR] Beginning Verify and Repair transaction
2017-01-21 22:42:52, Info                  CSI    000063ff [SR] Verify complete
2017-01-21 22:42:52, Info                  CSI    00006400 [SR] Verifying 27 components
2017-01-21 22:42:52, Info                  CSI    00006401 [SR] Beginning Verify and Repair transaction
2017-01-21 22:42:54, Info                  CSI    0000641d [SR] Verify complete
2017-01-21 22:42:54, Info                  CSI    0000641e [SR] Repairing 0 components
2017-01-21 22:42:54, Info                  CSI    0000641f [SR] Beginning Verify and Repair transaction
2017-01-21 22:42:54, Info                  CSI    00006420 [SR] Repair complete
 
The laptop is running fine, but if I try to run more than 2 programs at once, or if I have many tabs open on my browser it slows down considerably, and the fan becomes extremely loud (I have recently cleaned it with an air spray) - but it has been like that for a long time now and I think it might just be age at this point. What do you think?

#25 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 22 January 2017 - 03:35 PM

Hello XZY5 and welcome back. :)

The integrity of the Operating System files appears to be OK.
 

and the fan becomes extremely loud (I have recently cleaned it with an air spray) - but it has been like that for a long time now and I think it might just be age at this point. What do you think?

Cleaning the fan with an air spray is a good idea that can reduce the noise and improve the performance of the laptop. Then I will give you some more tips to try to improve your computer's speed.


Now please try the following tool.

Temporarily disable your Antivirus program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save it to the Desktop.
On the Desktop, right-click the Zoek.exe file and select Run as administrator
(Give it a few seconds to appear).
Click Yes to accept any security warnings that may appear.

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
 

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

 
Next...
Close any open Browsers.
Click the Run script button, and wait. Note: It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.


Note: Please re-enable your Antivirus program.


Please post the zoek-results.log in your reply and note any errors encountered.

How is the computer performing now?


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#26 XZY5

XZY5

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 29 January 2017 - 01:22 PM

Hi Android 8888, I ran the script as instructed, but the scan has been running for over 24 hours now and it has been stuck on the same line. It started at 17:55 yesterday, got to a line reading "Firefox Extensions 19:01:21:54" and has remained like that since. I thought maybe it has crashed, and closed the window at one point thinking I will restart it but the window reappeared saying the tool is running and that a log will appear upon completion. So I left it overnight, and then throughout today but nothing has changed

#27 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 29 January 2017 - 06:04 PM

Hi XZY5.

Please stop the Zoek process in Task Manager (Ctrl+Alt+Delete) and reboot the computer.

Now let's try to run Zoek one more time.

Temporarily disable your security programs so it does not interfere with the scan.
Information on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

On the Desktop, right-click the Zoek.exe file and select Run as administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
 

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b


Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply and note any errors encountered.
 
Note: Please re-enable your security programs.


Let me know how is the computer running now.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#28 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 25 February 2017 - 12:24 PM

Hi Android 8888, the zoek log is below.

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by upoma-efti on 04/02/2017 at 16:29:04.51.
Microsoft Windows 10 Home 10.0.14393  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\upoma-efti\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2017-01-28-190121.log    3065 bytes

==== System Restore Info ======================

04/02/2017 16:35:43 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\SoftwareDistribution deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\UPOMA-~1\AppData\Roaming\Mozilla\Firefox\Profiles\bwhtxa25.default-1482336262565
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi" [02/12/2016 19:39]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\upoma-efti\AppData\Roaming\Mozilla\Firefox\Profiles\bwhtxa25.default-1482336262565
86C2467018027DFF6ED94F50D9CF1145    - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll -    Shockwave for Director / Shockwave for Director

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.googl...lhhddbepgkeaa[]
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
lpeeaghdjmhlakojjcgfdhgcejdaefmi - https://chrome.googl...fdhgcejdaefmi[]

Session Buddy - upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko
WhatsApp™ Messenger - upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\infelompnbbancffeibkenmdbbmpoged
LINE - upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2} deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1C55XJMG will be deleted at reboot
C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Low\IE\3LDXT5I7 will be deleted at reboot
C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Low\IE\AUFCKGN7 will be deleted at reboot
C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Low\IE\P5WJ3VZL will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\upoma-efti\AppData\Local\Mozilla\Firefox\Profiles\bwhtxa25.default-1482336262565\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\upoma-efti\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=107 folders=44 110713560 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\UPOMA-~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Low\IE\1C55XJMG" not found
"C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Low\IE\3LDXT5I7" not found
"C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Low\IE\AUFCKGN7" not found
"C:\Users\upoma-efti\AppData\Local\Microsoft\Windows\INetCache\Low\IE\P5WJ3VZL" not found

==== EOF on 04/02/2017 at 17:29:31.56 ======================
 

Not much has changed about how the laptop runs though, the start up is still fairly long, fan is still very loud, the computer has to stay connected to the power at all times and running more than 1 program (or having more than 3 tabs open on a browser) slows it down even more. It still functions well enough for basic use though

 


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#29 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 25 February 2017 - 12:25 PM

Hello XZY5.

 

I'm sorry for the delay in responding.

 

The slowdown on your computer is not caused by malware. However there is still some work to do yet.

 

Please delete the old version of RGSA.exe from your Desktop, download a new version from here and save it to your Desktop.

  • Now right-click the RGSA.exe icon and choose Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click OK on the copyright-disclaimer.
  • It will produce a log (SALog.txt) on your Desktop.

 

Please copy and paste the contents of that log for my review.

 


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#30 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 25 February 2017 - 12:25 PM

Hi Android 8888

 

Sorry about only being able to reply on weekends. The SAL log is below 

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 17th December, 2016
Running from:C:\Users\upoma-efti\Desktop (21:06:57 - 01/14/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled!
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Kaspersky Internet Security (Enabled - Up to Date)
Windows Defender's ProductState is indeterminate
Kaspersky Internet Security (Enabled - Up to Date)
Windows Defender (Disabled - Up to Date)
Kaspersky Internet Security (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player Plugin (version 24.0.0.186)
Firefox (version 50)
Google Chrome (version 54)
Java (version 8.0.1110.14)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5.1)
SpywareBlaster (version 5.5)
SUPERAntiSpyware (version 6)
WinPatrol (version 33.6)
 

 

I haven't updated a couple of programs on my old laptop as I plan on resetting it before giving it to my father who wants to use it

 


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#31 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 25 February 2017 - 12:29 PM

Hi XZY5.
 

Sorry about only being able to reply on weekends.

No problem at all.
 
 

I haven't updated a couple of programs on my old laptop as I plan on resetting it before giving it to my father who wants to use it

Okay, it's your choice.
 
Just in case you still think of updating the following outdated programs I leave you the respective links:
Adobe Flash Player Plugin
Mozilla Firefox
Google Chrome
Java
Malwarebytes (3.0.4)
WinPatrol

Next,
Download delfix.pngDelFix (by Xplode) and save it to your Desktop.
Close all running programs and start delfix.exe.
Make sure that all available options are checked.
Click on Run.
DelFix should remove all our tools and delete itself afterwards.
I don't need the log file.
 
Now you can proceed with confidence to the transfer of your data files from your old laptop to the new one.
 
Please let me know if there are any issues or concerns on these computers.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#32 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 25 February 2017 - 12:29 PM

Hi Android 8888 

Thank you so much for all your help. I've cleaned my old laptop and transferred my data to my new one. They're both running as normal. Again apologies for the gaps in my replies, and for how long this turned out to be. You guys are awesome! =D


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#33 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 25 February 2017 - 12:31 PM

Hi XZY5.

 

 

Thank you so much for all your help.

You're welcome. :)
 

 

I'm glad that you were able to copy your data to the new computer and both machines are running well. The most important thing was the cleaning of both computers so you can safely copy your documents to the new computer.

 

If everything is good, below I have included a number of recommendations for how to protect your computers in order to prevent future malware infections.
Please take these recommendations seriously; these few simple steps can save off the vast majority of spyware problems.

 

Keep your Antivirus program up-to-date.

 

Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. Please uncheck them if you don't want or use them. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Keep Malwarebytes update and perform a regular scan to your system as it will make it harder for malware to reside on your computer.
A tutorial on using Malwarebytes can be found here
Please Note that only the paid for version has real time capabilities.

 

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here
Please note that the free version of SpywareBlaster needs manual updates.

 

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

 

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, DO NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

 

Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

 

Please keep your programs up to date. This applies to Adobe Flash Player, Adobe Reader, Java, Microsoft Silverlight, WinPatrol and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

 

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

 

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

 

Don't click on links received in instant message programs.

 

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

 

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

 

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

 

Happy surfing and stay safe. :thumbup:

 

Android 8888.

 


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.

#34 Android 8888

Android 8888

    SWI Malware Tracker

  • Trusted Advisor*
  • PipPipPipPipPip
  • 1,178 posts

Posted 13 March 2017 - 04:33 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a new topic.


Android 8888
 
Website: http://android8888.comlu.com
 
Tavira - Here's where I live!
 
Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.
Back to Resolved or inactive Malware Removal


  1. SpywareInfo Forum
  2. Spyware, thiefware, browser hijackers, and other advertising parasites
  3. Malware Removal
  4. Resolved or inactive Malware Removal
  5. Privacy Policy
Member of UNITE
Support SpywareInfo Forum - click the button