PDA

View Full Version : BAD Javascript Pop Up Virus - Ends with 1-800 number


johnboyx570
2016-04-24, 04:00
This virus seems to affect chrome, ie, and firefox. I've done all the standard stuff - Spybot Scans, Disable Browser Extensions & Plug INs, Reinstall Browser, look in the processes... Etc. It's weird because I haven't added any software. I had the "searching" virus a while ago when I downloaded a corel DVD driver but I thought I had found it and all its buddies in the registry. It apparently came back. This time it does feel a little different. It feels to be all java script. It's selective too. It doesnt come up when I'm on safer networking... but it blows up when I visit Bleeping Computer.

I backed up the Registry.. Here are my scans ( I do see some funny stuff under the browser section of the regsitry but I don't know that I can get all of it without help. So pleeeease : )

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by ThePollenCo (administrator) on DESKTOP (23-04-2016 18:35:40)
Running from C:\Program Files (x86)\Farbar
Loaded Profiles: ThePollenCo & DefaultAppPool (Available Profiles: ThePollenCo & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9645088 2010-02-04] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-06-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [82944 2010-01-19] (Sony Electronics Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805824 2013-11-22] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2887477034-1223843238-734396661-1005\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VAIO Messenger.lnk [2016-03-17]
ShortcutTarget: VAIO Messenger.lnk -> C:\Program Files (x86)\DDNi\Oasis\Delay.exe (Digital Delivery Networks, Inc.)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{2cb75212-a29f-4415-a03a-de6bae51d13e}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{2cb75212-a29f-4415-a03a-de6bae51d13e}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{38936d5e-af80-4f9f-9e9c-f21fa582c303}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{38936d5e-af80-4f9f-9e9c-f21fa582c303}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Tcpip\..\Interfaces\{80fd0845-4c85-4fc6-b5d3-1a608ddf1df1}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{80fd0845-4c85-4fc6-b5d3-1a608ddf1df1}: [DhcpNameServer] 82.163.143.171

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-2887477034-1223843238-734396661-1005 -> {3E35BEF9-7F9B-45EF-B2D8-745DE8BAEF3C} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G3Qzgutbl338BD,b87d8d38-f9af-42ad-b88d-48e55f5e1c24,
SearchScopes: HKU\S-1-5-21-2887477034-1223843238-734396661-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
SearchScopes: HKU\S-1-5-21-2887477034-1223843238-734396661-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ThePollenCo\AppData\Roaming\Mozilla\Firefox\Profiles\2zs2xcn0.default-1461441279135
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-03-20] [not signed]

Chrome:
=======
CHR Profile: C:\Users\ThePollenCo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\ThePollenCo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-06-29] (NVIDIA Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 MSSQL$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-06-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-06-29] (NVIDIA Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [45568 2010-01-27] () [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2015-02-04] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SQLAgent$DDNI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R3 AVerAVF2; C:\Windows\system32\DRIVERS\AVerAVF2.sys [1106688 2009-09-28] (AVerMedia TECHNOLOGIES, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-06-29] (NVIDIA Corporation)
S3 NW1950; C:\Windows\System32\drivers\NW1950.sys [26104 2010-03-01] ()
R3 NWVoltron; C:\Windows\System32\drivers\NWVoltron.sys [28920 2013-02-04] ()
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2016-03-17] ()
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2016-03-17] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2016-03-17] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2016-03-17] (Acronis International GmbH)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 aswMBR; C:\Users\ThePollenCo\AppData\Local\Temp\aswMBR.sys [62728 2016-04-23] () [File not signed]
U3 aswVmm; C:\Users\ThePollenCo\AppData\Local\Temp\aswVmm.sys [224896 2016-04-23] ()
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-23 18:29 - 2016-04-23 18:29 - 00001497 _____ C:\Users\ThePollenCo\Desktop\tdsskiller.exe - Shortcut.lnk
2016-04-23 18:27 - 2016-04-23 18:28 - 00273106 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_18.27.14_log.txt
2016-04-23 18:23 - 2016-04-23 18:23 - 00001569 _____ C:\Users\ThePollenCo\Desktop\firefox.exe - Shortcut.lnk
2016-04-23 18:23 - 2016-04-23 18:23 - 00001459 _____ C:\Users\ThePollenCo\Desktop\FRST64.exe - Shortcut.lnk
2016-04-23 18:23 - 2016-04-23 18:23 - 00001459 _____ C:\Users\ThePollenCo\Desktop\aswMBR.exe - Shortcut.lnk
2016-04-23 14:48 - 2016-04-18 11:09 - 00451830 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160423-144815.backup
2016-04-23 11:31 - 2016-04-23 11:31 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-23 11:12 - 2016-04-23 11:15 - 00000000 ____D C:\Program Files (x86)\aswMBR
2016-04-23 11:10 - 2016-04-23 18:29 - 00000000 ____D C:\Program Files (x86)\Farbar
2016-04-23 11:03 - 2016-04-23 18:35 - 00000000 ____D C:\FRST
2016-04-23 10:03 - 2016-04-23 10:03 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-Windows-10-Home-(64-bit).dat
2016-04-23 10:03 - 2016-04-23 10:03 - 00000000 ____D C:\RegBackup
2016-04-23 10:02 - 2016-04-23 10:02 - 00002308 _____ C:\Users\ThePollenCo\Desktop\Tweaking.com - Registry Backup.lnk
2016-04-23 10:02 - 2016-04-23 10:02 - 00000000 ____D C:\Users\ThePollenCo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-04-23 10:02 - 2016-04-23 10:02 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-23 10:01 - 2016-04-23 10:02 - 00018194 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-04-23 10:01 - 2016-04-23 10:01 - 05523840 _____ (Tweaking.com) C:\Users\ThePollenCo\Downloads\tweaking.com_registry_backup_setup.exe
2016-04-23 05:34 - 2016-04-23 05:34 - 00000000 ____D C:\ProgramData\452e967a-6193-1
2016-04-23 05:34 - 2016-04-23 05:34 - 00000000 ____D C:\ProgramData\452e967a-1997-0
2016-04-22 23:34 - 2016-04-22 23:34 - 00000000 ____D C:\ProgramData\452e967a-32b7-0
2016-04-22 23:34 - 2016-04-22 23:34 - 00000000 ____D C:\ProgramData\452e967a-11d3-1
2016-04-22 17:34 - 2016-04-22 17:34 - 00000000 ____D C:\ProgramData\452e967a-61d1-0
2016-04-22 17:34 - 2016-04-22 17:34 - 00000000 ____D C:\ProgramData\452e967a-16f1-1
2016-04-22 11:34 - 2016-04-22 11:34 - 00000000 ____D C:\ProgramData\452e967a-3c71-1
2016-04-22 11:34 - 2016-04-22 11:34 - 00000000 ____D C:\ProgramData\452e967a-3bd7-0
2016-04-22 05:34 - 2016-04-22 05:34 - 00000000 ____D C:\ProgramData\452e967a-72f3-1
2016-04-22 05:34 - 2016-04-22 05:34 - 00000000 ____D C:\ProgramData\452e967a-2763-0
2016-04-21 23:34 - 2016-04-21 23:34 - 00000000 ____D C:\ProgramData\452e967a-6775-1
2016-04-21 23:34 - 2016-04-21 23:34 - 00000000 ____D C:\ProgramData\452e967a-3ff3-0
2016-04-21 17:34 - 2016-04-21 17:34 - 00000000 ____D C:\ProgramData\452e967a-3d95-0
2016-04-21 17:34 - 2016-04-21 17:34 - 00000000 ____D C:\ProgramData\452e967a-1a37-1
2016-04-21 11:34 - 2016-04-21 11:34 - 00000000 ____D C:\ProgramData\452e967a-3093-0
2016-04-21 11:34 - 2016-04-21 11:34 - 00000000 ____D C:\ProgramData\452e967a-2ee3-1
2016-04-21 05:34 - 2016-04-21 05:34 - 00000000 ____D C:\ProgramData\452e967a-7d71-0
2016-04-21 05:34 - 2016-04-21 05:34 - 00000000 ____D C:\ProgramData\452e967a-5021-1
2016-04-21 05:29 - 2016-04-21 05:30 - 00000000 ____D C:\ProgramData\452e967a-0721-0
2016-04-18 13:40 - 2016-04-18 13:40 - 00030493 _____ C:\Users\ThePollenCo\Documents\blankregistry.xml
2016-04-18 11:09 - 2016-04-16 20:56 - 00451830 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160418-110913.backup
2016-04-16 20:56 - 2016-03-26 09:26 - 00451542 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160416-205635.backup
2016-04-16 15:23 - 2016-04-16 15:23 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-16 15:23 - 2016-04-16 15:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-16 15:22 - 2016-04-16 15:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-16 15:21 - 2016-04-16 15:22 - 00242144 _____ C:\Users\ThePollenCo\Downloads\Firefox Setup Stub 45.0.2.exe
2016-04-16 14:00 - 2016-04-16 14:00 - 00000000 ____D C:\WINDOWS\pss
2016-04-16 12:57 - 2016-04-23 11:18 - 00047558 _____ C:\WINDOWS\SysWOW64\bddel.dat
2016-04-15 20:48 - 2016-04-21 05:29 - 00000000 ____D C:\ProgramData\452e967a-4151-0
2016-04-15 20:43 - 2016-04-21 05:29 - 00003884 _____ C:\WINDOWS\System32\Tasks\{58697D1B-AED7-3C26-7B96-2E453FD3435E}
2016-04-15 20:43 - 2016-04-21 05:29 - 00000000 ____D C:\ProgramData\452e967a-74b3-0
2016-04-15 20:42 - 2016-04-23 11:18 - 00000000 ____D C:\ProgramData\8abbfd
2016-04-15 20:42 - 2016-04-15 20:42 - 00000000 ____D C:\ProgramData\{08d665a7-412c-1}
2016-04-15 20:42 - 2016-04-15 20:42 - 00000000 ____D C:\ProgramData\{0665baf7-312c-0}
2016-04-14 10:27 - 2016-04-14 10:27 - 00000000 ___RD C:\Users\ThePollenCo\AppData\Roaming\Brother
2016-04-14 10:27 - 2016-04-14 10:27 - 00000000 ____D C:\Users\ThePollenCo\AppData\LocalLow\Brother
2016-04-12 18:58 - 2016-04-01 20:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-12 18:58 - 2016-03-29 03:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 18:58 - 2016-03-29 03:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 18:58 - 2016-03-29 03:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-12 18:58 - 2016-03-29 02:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-12 18:58 - 2016-03-29 02:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-12 18:58 - 2016-03-29 02:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 18:58 - 2016-03-29 01:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-12 18:58 - 2016-03-29 01:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-12 18:58 - 2016-03-29 01:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-12 18:58 - 2016-03-29 00:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-12 18:58 - 2016-03-29 00:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-12 18:58 - 2016-03-29 00:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-12 18:58 - 2016-03-29 00:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-12 18:58 - 2016-03-29 00:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-12 18:58 - 2016-03-29 00:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-12 18:58 - 2016-03-29 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-12 18:58 - 2016-03-29 00:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-12 18:58 - 2016-03-29 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-12 18:58 - 2016-03-29 00:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-12 18:58 - 2016-03-29 00:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-12 18:58 - 2016-03-28 23:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-12 18:58 - 2016-03-28 23:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-12 18:58 - 2016-03-28 23:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 18:58 - 2016-03-28 23:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-12 18:58 - 2016-03-28 23:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-12 18:58 - 2016-03-28 23:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-12 18:58 - 2016-03-28 23:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 18:58 - 2016-03-28 23:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 18:58 - 2016-03-28 23:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 18:58 - 2016-03-28 23:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 18:58 - 2016-03-28 23:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-12 18:58 - 2016-03-28 22:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-12 18:58 - 2016-03-28 22:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-12 18:58 - 2016-03-28 22:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-12 18:58 - 2016-03-28 22:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 18:58 - 2016-03-28 22:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 18:58 - 2016-03-28 22:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 18:58 - 2016-03-28 22:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 18:58 - 2016-03-28 22:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 18:58 - 2016-03-28 22:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 18:58 - 2016-03-28 22:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-12 18:58 - 2016-03-28 22:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 18:58 - 2016-03-28 22:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 18:58 - 2016-03-28 22:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 18:57 - 2016-04-01 21:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-12 18:57 - 2016-04-01 21:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-12 18:57 - 2016-04-01 21:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-12 18:57 - 2016-04-01 21:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 18:57 - 2016-04-01 20:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-12 18:57 - 2016-04-01 20:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-12 18:57 - 2016-04-01 20:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-12 18:57 - 2016-04-01 20:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-12 18:57 - 2016-04-01 20:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-12 18:57 - 2016-04-01 20:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-12 18:57 - 2016-04-01 20:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-12 18:57 - 2016-04-01 20:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-12 18:57 - 2016-04-01 20:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-12 18:57 - 2016-04-01 20:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-12 18:57 - 2016-04-01 20:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-12 18:57 - 2016-04-01 20:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-12 18:57 - 2016-04-01 20:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 18:57 - 2016-04-01 20:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-12 18:57 - 2016-04-01 20:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-12 18:57 - 2016-04-01 20:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 18:57 - 2016-04-01 20:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-12 18:57 - 2016-04-01 20:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-12 18:57 - 2016-03-29 03:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-12 18:57 - 2016-03-29 03:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 18:57 - 2016-03-29 03:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 18:57 - 2016-03-29 03:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 18:57 - 2016-03-29 03:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 18:57 - 2016-03-29 03:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-12 18:57 - 2016-03-29 03:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-12 18:57 - 2016-03-29 03:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-12 18:57 - 2016-03-29 03:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-12 18:57 - 2016-03-29 03:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-12 18:57 - 2016-03-29 02:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-12 18:57 - 2016-03-29 02:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-12 18:57 - 2016-03-29 02:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-12 18:57 - 2016-03-29 02:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-12 18:57 - 2016-03-29 02:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-12 18:57 - 2016-03-29 02:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-12 18:57 - 2016-03-29 02:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-12 18:57 - 2016-03-29 02:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-12 18:57 - 2016-03-29 02:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-12 18:57 - 2016-03-29 02:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-12 18:57 - 2016-03-29 02:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-12 18:57 - 2016-03-29 02:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-12 18:57 - 2016-03-29 02:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-12 18:57 - 2016-03-29 02:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-12 18:57 - 2016-03-29 02:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-12 18:57 - 2016-03-29 01:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-12 18:57 - 2016-03-29 01:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-12 18:57 - 2016-03-29 01:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-12 18:57 - 2016-03-29 01:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-12 18:57 - 2016-03-29 01:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-12 18:57 - 2016-03-29 01:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-12 18:57 - 2016-03-29 01:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-12 18:57 - 2016-03-29 01:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-12 18:57 - 2016-03-29 01:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-12 18:57 - 2016-03-29 01:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-12 18:57 - 2016-03-29 01:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-12 18:57 - 2016-03-29 01:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-12 18:57 - 2016-03-29 01:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-12 18:57 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-12 18:57 - 2016-03-29 01:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-12 18:57 - 2016-03-29 01:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-12 18:57 - 2016-03-29 01:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-12 18:57 - 2016-03-29 01:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-12 18:57 - 2016-03-29 01:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-12 18:57 - 2016-03-29 01:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-12 18:57 - 2016-03-29 01:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-12 18:57 - 2016-03-29 01:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-12 18:57 - 2016-03-29 01:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-12 18:57 - 2016-03-29 00:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-12 18:57 - 2016-03-29 00:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-12 18:57 - 2016-03-29 00:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 18:57 - 2016-03-29 00:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-12 18:57 - 2016-03-29 00:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-12 18:57 - 2016-03-29 00:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-12 18:57 - 2016-03-29 00:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-12 18:57 - 2016-03-29 00:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-12 18:57 - 2016-03-29 00:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 18:57 - 2016-03-29 00:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-12 18:57 - 2016-03-29 00:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-12 18:57 - 2016-03-29 00:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-12 18:57 - 2016-03-29 00:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-12 18:57 - 2016-03-29 00:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-12 18:57 - 2016-03-29 00:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-12 18:57 - 2016-03-29 00:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-12 18:57 - 2016-03-29 00:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-12 18:57 - 2016-03-29 00:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-12 18:57 - 2016-03-29 00:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-12 18:57 - 2016-03-29 00:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-12 18:57 - 2016-03-29 00:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-12 18:57 - 2016-03-29 00:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-12 18:57 - 2016-03-29 00:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-12 18:57 - 2016-03-29 00:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-12 18:57 - 2016-03-29 00:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-12 18:57 - 2016-03-29 00:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-12 18:57 - 2016-03-29 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-12 18:57 - 2016-03-29 00:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-12 18:57 - 2016-03-29 00:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-12 18:57 - 2016-03-29 00:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-12 18:57 - 2016-03-29 00:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-12 18:57 - 2016-03-29 00:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-12 18:57 - 2016-03-29 00:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-12 18:57 - 2016-03-29 00:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-12 18:57 - 2016-03-29 00:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-12 18:57 - 2016-03-29 00:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-12 18:57 - 2016-03-29 00:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-12 18:57 - 2016-03-29 00:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-12 18:57 - 2016-03-29 00:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 18:57 - 2016-03-29 00:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-12 18:57 - 2016-03-29 00:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-12 18:57 - 2016-03-29 00:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-12 18:57 - 2016-03-29 00:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-12 18:57 - 2016-03-29 00:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-12 18:57 - 2016-03-29 00:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-12 18:57 - 2016-03-29 00:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-12 18:57 - 2016-03-29 00:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 18:57 - 2016-03-29 00:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-12 18:57 - 2016-03-29 00:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-12 18:57 - 2016-03-29 00:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-12 18:57 - 2016-03-29 00:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-12 18:57 - 2016-03-29 00:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-12 18:57 - 2016-03-29 00:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-12 18:57 - 2016-03-29 00:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-12 18:57 - 2016-03-29 00:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-12 18:57 - 2016-03-29 00:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-12 18:57 - 2016-03-29 00:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-12 18:57 - 2016-03-29 00:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-12 18:57 - 2016-03-29 00:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-12 18:57 - 2016-03-29 00:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-12 18:57 - 2016-03-29 00:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-12 18:57 - 2016-03-29 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-12 18:57 - 2016-03-29 00:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-12 18:57 - 2016-03-29 00:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-12 18:57 - 2016-03-29 00:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-12 18:57 - 2016-03-29 00:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-12 18:57 - 2016-03-29 00:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 18:57 - 2016-03-29 00:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-12 18:57 - 2016-03-29 00:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-12 18:57 - 2016-03-29 00:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-12 18:57 - 2016-03-29 00:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-12 18:57 - 2016-03-29 00:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-12 18:57 - 2016-03-29 00:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-12 18:57 - 2016-03-29 00:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-12 18:57 - 2016-03-29 00:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-12 18:57 - 2016-03-29 00:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-12 18:57 - 2016-03-29 00:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 18:57 - 2016-03-29 00:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 18:57 - 2016-03-29 00:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-12 18:57 - 2016-03-29 00:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-12 18:57 - 2016-03-29 00:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-12 18:57 - 2016-03-29 00:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-12 18:57 - 2016-03-29 00:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-12 18:57 - 2016-03-29 00:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-12 18:57 - 2016-03-29 00:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-12 18:57 - 2016-03-29 00:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-12 18:57 - 2016-03-29 00:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-12 18:57 - 2016-03-29 00:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-12 18:57 - 2016-03-29 00:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-12 18:57 - 2016-03-29 00:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-12 18:57 - 2016-03-29 00:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-12 18:57 - 2016-03-28 23:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-12 18:57 - 2016-03-28 23:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-12 18:57 - 2016-03-28 23:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-12 18:57 - 2016-03-28 23:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-12 18:57 - 2016-03-28 23:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-12 18:57 - 2016-03-28 23:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-12 18:57 - 2016-03-28 23:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-12 18:57 - 2016-03-28 23:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-12 18:57 - 2016-03-28 23:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-12 18:57 - 2016-03-28 23:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-12 18:57 - 2016-03-28 23:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-12 18:57 - 2016-03-28 23:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-12 18:57 - 2016-03-28 23:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-12 18:57 - 2016-03-28 23:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-12 18:57 - 2016-03-28 23:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-12 18:57 - 2016-03-28 23:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-12 18:57 - 2016-03-28 23:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-12 18:57 - 2016-03-28 23:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-12 18:57 - 2016-03-28 23:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-12 18:57 - 2016-03-28 23:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-12 18:57 - 2016-03-28 23:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-12 18:57 - 2016-03-28 23:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-12 18:57 - 2016-03-28 23:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-12 18:57 - 2016-03-28 23:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-12 18:57 - 2016-03-28 23:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-12 18:57 - 2016-03-28 23:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-12 18:57 - 2016-03-28 23:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-12 18:57 - 2016-03-28 23:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-12 18:57 - 2016-03-28 23:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-12 18:57 - 2016-03-28 23:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-12 18:57 - 2016-03-28 23:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-12 18:57 - 2016-03-28 23:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 18:57 - 2016-03-28 23:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-12 18:57 - 2016-03-28 23:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-12 18:57 - 2016-03-28 23:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-12 18:57 - 2016-03-28 23:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-12 18:57 - 2016-03-28 23:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-12 18:57 - 2016-03-28 23:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-12 18:57 - 2016-03-28 23:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-12 18:57 - 2016-03-28 23:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-12 18:57 - 2016-03-28 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-12 18:57 - 2016-03-28 23:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-12 18:57 - 2016-03-28 23:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-12 18:57 - 2016-03-28 23:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-12 18:57 - 2016-03-28 23:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-12 18:57 - 2016-03-28 23:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-12 18:57 - 2016-03-28 23:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-12 18:57 - 2016-03-28 23:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-12 18:57 - 2016-03-28 23:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-12 18:57 - 2016-03-28 23:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 18:57 - 2016-03-28 23:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 18:57 - 2016-03-28 23:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 18:57 - 2016-03-28 23:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-12 18:57 - 2016-03-28 23:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 18:57 - 2016-03-28 23:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 18:57 - 2016-03-28 23:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 18:57 - 2016-03-28 23:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 18:57 - 2016-03-28 23:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-12 18:57 - 2016-03-28 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 18:57 - 2016-03-28 23:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 18:57 - 2016-03-28 23:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-12 18:57 - 2016-03-28 23:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 18:57 - 2016-03-28 23:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 18:57 - 2016-03-28 23:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 18:57 - 2016-03-28 23:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 18:57 - 2016-03-28 22:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-12 18:57 - 2016-03-28 22:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-12 18:57 - 2016-03-28 22:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-12 18:57 - 2016-03-28 22:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 18:57 - 2016-03-28 22:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 18:57 - 2016-03-28 22:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 18:57 - 2016-03-28 22:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-12 18:57 - 2016-03-28 22:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-12 18:57 - 2016-03-28 22:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 18:57 - 2016-03-28 22:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 18:57 - 2016-03-28 22:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 18:57 - 2016-03-28 22:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 18:57 - 2016-03-28 22:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 18:57 - 2016-03-28 22:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-11 20:51 - 2016-04-11 20:51 - 00006557 _____ C:\Users\ThePollenCo\Desktop\New OpenDocument Spreadsheet.ods
2016-04-11 20:49 - 2016-04-11 20:49 - 00000000 ____D C:\Users\ThePollenCo\AppData\Roaming\com.adobe.dmp.contentviewer
2016-04-08 08:03 - 2016-04-08 08:03 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-06 13:11 - 2016-04-06 13:11 - 00000000 ____D C:\Users\ThePollenCo\AppData\Roaming\NVIDIA
2016-04-04 09:01 - 2016-04-04 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-03-26 09:26 - 2016-03-21 20:54 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160326-092620.backup
2016-03-25 22:09 - 2016-03-25 22:09 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-25 21:48 - 2016-03-25 21:48 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-25 21:48 - 2016-03-25 21:48 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-03-25 21:48 - 2016-03-25 21:48 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-03-25 21:48 - 2016-03-25 21:48 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-03-25 21:48 - 2016-03-25 21:48 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-03-25 21:48 - 2016-03-25 21:48 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-03-25 21:48 - 2016-03-25 21:48 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-03-25 21:48 - 2016-03-25 21:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-03-25 21:48 - 2016-03-25 21:48 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-25 21:48 - 2016-03-25 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-25 21:48 - 2016-03-18 14:30 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-03-25 21:48 - 2016-03-18 14:30 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2016-03-25 21:47 - 2016-03-26 09:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-25 21:47 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-03-25 21:39 - 2016-03-25 21:39 - 00558320 _____ (Safer-Networking Ltd. ) C:\Users\ThePollenCo\Downloads\spybot2-license(1).exe
2016-03-25 21:29 - 2016-04-20 11:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-25 21:29 - 2016-03-25 21:29 - 00558320 _____ (Safer-Networking Ltd. ) C:\Users\ThePollenCo\Downloads\spybot2-license.exe
2016-03-25 19:42 - 2016-04-15 20:43 - 00000000 ____D C:\ProgramData\a6c1c857-1393-1
2016-03-25 19:42 - 2016-04-15 20:43 - 00000000 ____D C:\ProgramData\a6c1c857-0403-0
2016-03-25 19:42 - 2016-03-25 19:42 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-03-25 19:41 - 2016-03-25 19:41 - 00599984 _____ C:\Users\ThePollenCo\Downloads\vlc.exe
2016-03-25 19:41 - 2016-03-25 19:41 - 00000000 ____D C:\Users\ThePollenCo\AppData\Local\Setup Wizard
2016-03-25 18:56 - 2016-03-25 18:56 - 00000000 ____D C:\Users\ThePollenCo\AppData\Local\ElevatedDiagnostics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-23 18:34 - 2016-03-17 15:10 - 00509288 _____ C:\WINDOWS\ntbtlog.txt
2016-04-23 18:30 - 2016-03-18 14:26 - 01102316 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-23 18:03 - 2016-03-18 09:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-23 16:32 - 2016-03-17 14:17 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{663E4E1D-F5E5-4CD5-BC7B-0B4F7B77CC70}
2016-04-23 15:10 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-23 15:04 - 2016-02-13 06:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-23 15:04 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-23 14:15 - 2016-03-18 15:21 - 00000000 ____D C:\Windows.old
2016-04-23 11:05 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-21 11:39 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-18 14:17 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-18 13:49 - 2016-02-13 06:11 - 11248384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-18 11:06 - 2016-03-18 14:37 - 00002418 _____ C:\Users\ThePollenCo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-18 11:06 - 2016-03-18 14:37 - 00000000 ___RD C:\Users\ThePollenCo\OneDrive
2016-04-16 15:21 - 2016-03-17 15:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-16 12:34 - 2016-03-17 14:17 - 00000000 ____D C:\Users\ThePollenCo\AppData\Local\Google
2016-04-15 03:30 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-15 03:30 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-15 03:30 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-15 03:30 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-14 09:29 - 2016-03-18 08:59 - 00000000 ____D C:\Users\ThePollenCo\AppData\Local\Adobe
2016-04-14 09:29 - 2016-03-17 14:24 - 00000000 ____D C:\Users\ThePollenCo\AppData\Roaming\Adobe
2016-04-14 09:29 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 09:28 - 2016-03-18 09:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 09:24 - 2016-03-18 09:51 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-14 09:24 - 2016-03-17 22:15 - 00000000 ____D C:\Users\ThePollenCo\AppData\Roaming\iolo
2016-04-12 14:14 - 2016-03-18 14:34 - 00000000 ____D C:\Users\ThePollenCo\AppData\Local\Packages
2016-04-06 11:32 - 2015-10-30 00:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 11:32 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 09:01 - 2016-03-21 20:54 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-03-24 16:03 - 2016-03-18 09:00 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some files in TEMP:
====================
C:\Users\ThePollenCo\AppData\Local\Temp\GLF32AD.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF48D9.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF4F85.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF64DA.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF7254.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF75EF.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFA322.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFA611.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFB06C.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFB2BE.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFC161.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFCF6B.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFD298.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFF69E.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFF86C.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\ThePollenCo\AppData\Local\Temp\onesave_installer_x64_2016.03.16.v1.exe
C:\Users\ThePollenCo\AppData\Local\Temp\tu17p84.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 14:17

==================== End of FRST.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-04-23 11:13:51
-----------------------------
11:13:51.232 OS Version: Windows x64 6.2.9200
11:13:51.233 Number of processors: 4 586 0x170A
11:13:51.234 ComputerName: DESKTOP UserName:
11:13:52.711 Initialize success
11:13:52.732 VM: initialized successfully
11:13:52.733 VM: Intel CPU BiosDisabled
11:14:18.016 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:14:18.022 Disk 0 Vendor: KINGSTON_SKC400S37512G SAFM00.W Size: 488386MB BusType: 3
11:14:18.026 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000096
11:14:18.030 Disk 1 Vendor: RICOH 02 Size: 1914MB BusType: 0
11:14:18.042 Disk 0 MBR read successfully
11:14:18.046 Disk 0 MBR scan
11:14:18.050 Disk 0 Windows 7 default MBR code
11:14:18.056 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10175 MB offset 2048
11:14:18.061 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 99 MB offset 20842496
11:14:18.066 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 478107 MB offset 21047296
11:14:18.079 Disk 0 scanning C:\WINDOWS\system32\drivers
11:14:20.336 Service scanning
11:14:25.960 Modules scanning
11:14:25.978 Disk 0 trace - called modules:
11:14:25.986 ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys
11:14:25.995 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00186aa0060]
11:14:26.002 3 CLASSPNP.SYS[fffff801abcb7d95] -> nt!IofCallDriver -> [0xffffe00186aa3c70]
11:14:26.009 5 vidsflt.sys[fffff801aaf0b5f1] -> nt!IofCallDriver -> [0xffffe00185fecb10]
11:14:26.015 7 ACPI.sys[fffff801aad81361] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xffffe0018693c060]
11:14:26.022 Disk 0 statistics 136068/0/0 @ 49.43 MB/s
11:14:26.029 Scan finished successfully
11:15:11.344 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\aswMBR\MBR.dat"
11:15:11.356 The log file has been saved successfully to "C:\Program Files (x86)\aswMBR\aswMBR.txt"


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-04-23 18:34:37
-----------------------------
18:34:37.436 OS Version: Windows x64 6.2.9200
18:34:37.437 Number of processors: 4 586 0x170A
18:34:37.439 ComputerName: DESKTOP UserName:
18:34:39.225 Initialize success
18:34:39.240 VM: initialized successfully
18:34:39.241 VM: Intel CPU BiosDisabled
18:34:54.260 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:34:54.265 Disk 0 Vendor: KINGSTON_SKC400S37512G SAFM00.W Size: 488386MB BusType: 3
18:34:54.269 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000036
18:34:54.272 Disk 2 Vendor: RICOH 02 Size: 1914MB BusType: 0
18:34:54.283 Disk 0 MBR read successfully
18:34:54.286 Disk 0 MBR scan
18:34:54.290 Disk 0 Windows 7 default MBR code
18:34:54.293 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 10175 MB offset 2048
18:34:54.297 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 99 MB offset 20842496
18:34:54.303 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 478107 MB offset 21047296
18:34:54.313 Disk 0 scanning C:\WINDOWS\system32\drivers
18:34:56.381 Service scanning
18:35:01.448 Modules scanning
18:35:01.460 Disk 0 trace - called modules:
18:35:01.469 ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys
18:35:01.476 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001202d9060]
18:35:01.482 3 CLASSPNP.SYS[fffff80108367d95] -> nt!IofCallDriver -> [0xffffe001202dfe10]
18:35:01.489 5 vidsflt.sys[fffff8010658b5f1] -> nt!IofCallDriver -> [0xffffe001200ff520]
18:35:01.495 7 ACPI.sys[fffff80106401361] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xffffe00120100060]
18:35:01.501 Disk 0 statistics 136072/0/0 @ 53.24 MB/s
18:35:01.508 Scan finished successfully
18:35:09.193 Disk 0 MBR has been saved successfully to "C:\Program Files (x86)\aswMBR\MBR.dat"
18:35:09.201 The log file has been saved successfully to "C:\Program Files (x86)\aswMBR\aswMBR.txt"
Juliet
2016-04-24, 13:48
The Addition.txt wasn't posted but I think for right now we can continue.


Running from C:\Program Files (x86)\Farbar

It's best we move Farbar's to desktop.

Please go to your C:\Program Files folder, C:\Program Files (x86)\Farbar - locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{2cb75212-a29f-4415-a03a-de6bae51d13e}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{2cb75212-a29f-4415-a03a-de6bae51d13e}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{38936d5e-af80-4f9f-9e9c-f21fa582c303}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{80fd0845-4c85-4fc6-b5d3-1a608ddf1df1}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{80fd0845-4c85-4fc6-b5d3-1a608ddf1df1}: [DhcpNameServer] 82.163.143.171
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-2887477034-1223843238-734396661-1005 -> {3E35BEF9-7F9B-45EF-B2D8-745DE8BAEF3C} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G3Qzgutbl338BD,b87d8d38-f9af-42ad-b88d-48e55f5e1c24,
SearchScopes: HKU\S-1-5-21-2887477034-1223843238-734396661-1005 -> {3E35BEF9-7F9B-45EF-B2D8-745DE8BAEF3C} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G3Qzgutbl338BD,b87d8d38-f9af-42ad-b88d-48e55f5e1c24,
SearchScopes: HKU\S-1-5-21-2887477034-1223843238-734396661-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-21] (Oracle Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\ThePollenCo\AppData\Local\Temp\GLF32AD.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF48D9.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF4F85.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF64DA.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF7254.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF75EF.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFA322.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFA611.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFB06C.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFB2BE.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFC161.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFCF6B.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFD298.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFF69E.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFF86C.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\ThePollenCo\AppData\Local\Temp\onesave_installer_x64_2016.03.16.v1.exe
C:\Users\ThePollenCo\AppData\Local\Temp\tu17p84.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.



~~~~~~~
Please post
Fixlog.txt
AdwCleaner[C1].txt
Malwarebytes Anti-Malware
johnboyx570
2016-04-26, 06:01
Here is the Fix Log. I will do the The next two steps and post right away. Thank you so much for your help.



Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by ThePollenCo (2016-04-25 20:51:42) Run:1
Running from C:\Users\ThePollenCo\Desktop
Loaded Profiles: ThePollenCo (Available Profiles: ThePollenCo & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{2cb75212-a29f-4415-a03a-de6bae51d13e}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{2cb75212-a29f-4415-a03a-de6bae51d13e}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{38936d5e-af80-4f9f-9e9c-f21fa582c303}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{80fd0845-4c85-4fc6-b5d3-1a608ddf1df1}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{80fd0845-4c85-4fc6-b5d3-1a608ddf1df1}: [DhcpNameServer] 82.163.143.171
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-2887477034-1223843238-734396661-1005 -> {3E35BEF9-7F9B-45EF-B2D8-745DE8BAEF3C} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G3Qzgutbl338BD,b87d8d38-f9af-42ad-b88d-48e55f5e1c24,
SearchScopes: HKU\S-1-5-21-2887477034-1223843238-734396661-1005 -> {3E35BEF9-7F9B-45EF-B2D8-745DE8BAEF3C} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G3Qzgutbl338BD,b87d8d38-f9af-42ad-b88d-48e55f5e1c24,
SearchScopes: HKU\S-1-5-21-2887477034-1223843238-734396661-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-21] (Oracle Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\ThePollenCo\AppData\Local\Temp\GLF32AD.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF48D9.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF4F85.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF64DA.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF7254.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLF75EF.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFA322.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFA611.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFB06C.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFB2BE.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFC161.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFCF6B.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFD298.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFF69E.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\GLFF86C.EXE
C:\Users\ThePollenCo\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\ThePollenCo\AppData\Local\Temp\onesave_installer_x64_2016.03.16.v1.exe
C:\Users\ThePollenCo\AppData\Local\Temp\tu17p84.exe
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2cb75212-a29f-4415-a03a-de6bae51d13e}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2cb75212-a29f-4415-a03a-de6bae51d13e}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{38936d5e-af80-4f9f-9e9c-f21fa582c303}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80fd0845-4c85-4fc6-b5d3-1a608ddf1df1}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80fd0845-4c85-4fc6-b5d3-1a608ddf1df1}\\DhcpNameServer => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKU\S-1-5-21-2887477034-1223843238-734396661-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E35BEF9-7F9B-45EF-B2D8-745DE8BAEF3C}" => key removed successfully
HKCR\CLSID\{3E35BEF9-7F9B-45EF-B2D8-745DE8BAEF3C} => key not found.
HKU\S-1-5-21-2887477034-1223843238-734396661-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E35BEF9-7F9B-45EF-B2D8-745DE8BAEF3C} => key not found.
HKCR\CLSID\{3E35BEF9-7F9B-45EF-B2D8-745DE8BAEF3C} => key not found.
"HKU\S-1-5-21-2887477034-1223843238-734396661-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.73.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll => moved successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLF32AD.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLF48D9.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLF4F85.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLF64DA.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLF7254.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLF75EF.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLFA322.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLFA611.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLFB06C.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLFB2BE.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLFC161.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLFCF6B.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLFD298.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLFF69E.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\GLFF86C.EXE => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\jre-8u91-windows-au.exe => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\onesave_installer_x64_2016.03.16.v1.exe => moved successfully
C:\Users\ThePollenCo\AppData\Local\Temp\tu17p84.exe => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset all =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => 1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:53:34 ====
johnboyx570
2016-04-26, 06:10
# AdwCleaner v5.113 - Logfile created 25/04/2016 at 21:03:47
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 10 Home (X64)
# Username : ThePollenCo - DESKTOP
# Running from : C:\Users\ThePollenCo\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\452e967a-0721-0
[-] Folder Deleted : C:\ProgramData\452e967a-11d3-1
[-] Folder Deleted : C:\ProgramData\452e967a-16f1-1
[-] Folder Deleted : C:\ProgramData\452e967a-1997-0
[-] Folder Deleted : C:\ProgramData\452e967a-1a37-1
[-] Folder Deleted : C:\ProgramData\452e967a-2763-0
[-] Folder Deleted : C:\ProgramData\452e967a-2ee3-1
[-] Folder Deleted : C:\ProgramData\452e967a-3093-0
[-] Folder Deleted : C:\ProgramData\452e967a-32b7-0
[-] Folder Deleted : C:\ProgramData\452e967a-3bd7-0
[-] Folder Deleted : C:\ProgramData\452e967a-3c71-1
[-] Folder Deleted : C:\ProgramData\452e967a-3d95-0
[-] Folder Deleted : C:\ProgramData\452e967a-3ff3-0
[-] Folder Deleted : C:\ProgramData\452e967a-4151-0
[-] Folder Deleted : C:\ProgramData\452e967a-5021-1
[-] Folder Deleted : C:\ProgramData\452e967a-6193-1
[-] Folder Deleted : C:\ProgramData\452e967a-61d1-0
[-] Folder Deleted : C:\ProgramData\452e967a-6775-1
[-] Folder Deleted : C:\ProgramData\452e967a-72f3-1
[-] Folder Deleted : C:\ProgramData\452e967a-74b3-0
[-] Folder Deleted : C:\ProgramData\452e967a-7d71-0
[-] Folder Deleted : C:\ProgramData\a6c1c857-0403-0
[-] Folder Deleted : C:\ProgramData\a6c1c857-1393-1
[-] Folder Deleted : C:\ProgramData\{0665baf7-312c-0}
[-] Folder Deleted : C:\ProgramData\{08d665a7-412c-1}
[#] Folder Deleted : C:\ProgramData\Application Data\Partner
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-0721-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-11d3-1
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-16f1-1
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-1997-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-1a37-1
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-2763-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-2ee3-1
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-3093-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-32b7-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-3bd7-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-3c71-1
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-3d95-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-3ff3-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-4151-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-5021-1
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-6193-1
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-61d1-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-6775-1
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-72f3-1
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-74b3-0
[#] Folder Deleted : C:\ProgramData\Application Data\452e967a-7d71-0
[#] Folder Deleted : C:\ProgramData\Application Data\a6c1c857-0403-0
[#] Folder Deleted : C:\ProgramData\Application Data\a6c1c857-1393-1
[#] Folder Deleted : C:\ProgramData\Application Data\{0665baf7-312c-0}
[#] Folder Deleted : C:\ProgramData\Application Data\{08d665a7-412c-1}

***** [ Files ] *****

[-] File Deleted : C:\Users\ThePollenCo\Desktop\eBay.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : IBUpd2

***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [DeskBar.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nowuseeitplayer.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ui.nowuseeitplayer.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\eshopcomp.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pstatic.eshopcomp.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\utop.it
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www-searching.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\eshopcomp.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\utop.it
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www-searching.com
[-] Value Deleted : HKU\S-1-5-21-2887477034-1223843238-734396661-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [NowUSeeIt Player]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6527 bytes] - [25/04/2016 21:03:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [6170 bytes] - [25/04/2016 20:59:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6673 bytes] ##########
johnboyx570
2016-04-26, 06:28
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Protection, Malware Protection, Starting,
Protection, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Protection, Malware Protection, Started,
Protection, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Protection, Malicious Website Protection, Starting,
Protection, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Protection, Malicious Website Protection, Started,
Update, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Manual, Rootkit Database, 2016.2.8.1, 2016.4.17.1,
Update, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Manual, Remediation Database, 2016.2.12.1, 2016.4.19.1,
Update, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Manual, Domain Database, 2016.2.16.8, 2016.4.25.10,
Update, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Manual, IP Database, 2016.2.8.1, 2016.4.25.1,
Update, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Manual, Malware Database, 2016.2.16.6, 2016.4.26.1,
Protection, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Protection, Refresh, Starting,
Protection, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Protection, Malicious Website Protection, Stopping,
Protection, 4/25/2016 9:09 PM, SYSTEM, DESKTOP, Protection, Malicious Website Protection, Stopped,
Protection, 4/25/2016 9:10 PM, SYSTEM, DESKTOP, Protection, Refresh, Success,
Protection, 4/25/2016 9:10 PM, SYSTEM, DESKTOP, Protection, Malicious Website Protection, Starting,
Protection, 4/25/2016 9:10 PM, SYSTEM, DESKTOP, Protection, Malicious Website Protection, Started,
Scan, 4/25/2016 9:19 PM, SYSTEM, DESKTOP, Manual, Start:4/25/2016 9:10 PM, Duration:7 min 5 sec, Threat Scan, Completed, 0 Malware Detections, 8 Non-Malware Detections,
Protection, 4/25/2016 9:20 PM, SYSTEM, DESKTOP, Protection, Malware Protection, Starting,
Protection, 4/25/2016 9:20 PM, SYSTEM, DESKTOP, Protection, Malware Protection, Started,
Protection, 4/25/2016 9:20 PM, SYSTEM, DESKTOP, Protection, Malicious Website Protection, Starting,
Protection, 4/25/2016 9:21 PM, SYSTEM, DESKTOP, Protection, Malicious Website Protection, Started,

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/25/2016
Scan Time: 9:10 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.26.01
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: ThePollenCo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 473074
Time Elapsed: 7 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [e386f8bb079290a67408e907a161b44c],
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASAPI32, Quarantined, [2f3ae1d2455489ad3737b5ad4fb5d828],
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASMANCS, Quarantined, [f376b4ff6c2d2f07145ac39f669e45bb],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.SoftPulse, C:\Users\ThePollenCo\Downloads\vlc.exe, Quarantined, [df8a6152adec0b2b3016066b54adfc04],
PUP.Optional.OneSave, C:\Users\ThePollenCo\AppData\Local\Setup Wizard\47ad0651-184f-4f25-8851-dc2d6c446afb\onesavesetup.exe, Quarantined, [1e4b3a79efaa2511afc9214a3fc642be],
PUP.Optional.Wajam, C:\Users\ThePollenCo\AppData\Local\Setup Wizard\8a9aeb5c-98c7-4c4b-b1b5-457a8f3a1bfe\wwe_1.63.101.18.exe, Quarantined, [42278c273d5cc67073c5c3611ae845bb],
PUP.Optional.SystemHealer, C:\Users\ThePollenCo\AppData\Local\Setup Wizard\fa480891-3b85-414f-b41e-0f3b48514fbd\systemhealer.exe, Quarantined, [640550636435bc7adc19bb04e918837d],
PUP.Optional.FakeIELaunch, C:\Users\ThePollenCo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk, Quarantined, [c5a450632e6b4fe7d43b5a0913f153ad],

Physical Sectors: 0
(No malicious items detected)


(end)
Juliet
2016-04-26, 11:17
Please go to this web site and verify which version of Java you have on the computer
https://www.java.com/en/download/installed.jsp

~~~~~~~~~~~~~~~~~~``
What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://i.imgur.com/KN1w2nv.png and click http://i.imgur.com/SzOC1p0.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.




How is your computer now?
johnboyx570
2016-04-28, 05:24
So far so good. Computer has been acting well.

I had Java Uninstall the old version and install the current. I will do the eset now. Spybot is my running antivirus - so i'll disable that. I think defender is already disabled. Be back with a log. Thank You!
Juliet
2016-04-28, 11:45
So far so good. Computer has been acting well.

Good deal
Juliet
2016-04-29, 11:40
Still need help?
johnboyx570
2016-04-29, 20:40
Eset came up with nothing. Everything looks good from here.

I didnt see a log generated by eset on the desktop so nothing to post.

Thank you for your help!

Makes me glad to be a paid subscriber of safer networking.
Juliet
2016-04-29, 23:13
Eset came up with nothing. Everything looks good from here.

I didnt see a log generated by eset on the desktop so nothing to post.

Thank you for your help!
Makes me glad to be a paid subscriber of safer networking.

Good deal then!

If there was nothing found no log is needed.


~~~~~~~~~~~~~~~~~~

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.



Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.
Juliet
2016-05-06, 16:04
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.