Welcome to MalwareRemoval.com,
Unable to remove Trojan:Win64/patched.az.gen!dll

Post by ryno_21 » December 13th, 2015, 11:29 am

Hi,

Windows Defender has detected the Trojan:Win64/patched.az.gen!dll and I cannot get rid of it.

I cannot run Malwarebytes or SpyHunter as it will not let me install them. There should be no P2P or cracked programmes as they have all been removed. If the helper detects any from these logs, please let me know and I will delete them.

I will paste FRST and Addition in separate replies as it says there is too much if I post them in the same window.

Please, any help is appreciated.

Thank you
ryno_21
Member+
 
Posts: 4
Joined: December 13th, 2015, 11:21 am

Re: Unable to remove Trojan:Win64/patched.az.gen!dll

Post by ryno_21 » December 13th, 2015, 11:30 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by admin (administrator) on CHRISTHOMAS (13-12-2015 11:29:11)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
(Spotify Ltd) C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\admin\Desktop\U1304.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.4020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [BitTorrent] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-10] (BitTorrent Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Google Update] => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-01] (Spotify Ltd)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Spotify] => C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-12-01] (Spotify Ltd)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [DeskBar] => C:\Users\admin\AppData\Local\DeskBar\dblaunch.exe [239104 2015-11-09] ()
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-12]
ShortcutTarget: SmartWeb.lnk -> C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3515164915-2860861682-270758949-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-3515164915-2860861682-270758949-1000] => 127.0.0.1:9666
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{23f78ea8-39df-45e2-94cc-9220b0f1c01d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{41f58f90-1dd7-44ce-84b8-bf08657bdb81}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId= ... kId=255141
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID= ... 7953BE6032
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
URLSearchHook: HKLM-x32 - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> {39E20AE7-59E6-4072-BBF1-E8FCFC883642} URL = hxxp://search.yahoo.com/search?fr=chr-g ... =714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1449929700&a=1024132&uuid=b52dc2a9-b058-401e-b2f1-ad7994814e13
SearchScopes: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> {E516D6F3-65F1-4F9B-9466-925DED6EE285} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=FCCztutdk0004,1f163b47-ad6b-447b-9ad7-0e6a63c39609
BHO: YoutubeAdblocker -> {24E53A1A-B562-30F4-23A6-75DF529C4E4A} -> C:\Program Files (x86)\YoutubeAdblocker\THVtn7x.x64.dll => No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-10] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: No Name -> {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-10] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
Toolbar: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://uos-portal.salford.ac.uk/Intern ... ompMgr.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-18] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 9666
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 9666
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 9666
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 9666
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9666
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 0
FF Homepage: hxxp://houmpage.com/?src=hp&ssid=144992 ... 7994814e13
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/O1DPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=3 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=9 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-10] (Google Inc.)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\user.js [2015-12-12]
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-04-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Add to Amazon Wish List Button - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\extensions\amznUWL2@amazon.com.xpi [2014-08-02] [not signed]
FF Extension: Pocket - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\extensions\isreaditlater@ideashower.com [2014-10-03] [not signed]
FF Extension: Media Hint - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\Extensions\mediahint@jetpack.xpi [2014-05-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-12-04] [not signed]

Chrome:
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=FCCztutdk0004,1f163b47-ad6b-447b-9ad7-0e6a63c39609&vp=ch&prd=set_ch"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2015-12-06]
CHR Extension: (Pocket) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Diner Builder) - C:\Users\admin\AppData\Local\Diner Builder\Component [2015-12-12]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\admin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-03]
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\admin\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\admin\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-12-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [619328 2013-06-29] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated)
S2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169280 2013-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /svc [X]
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-28] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2668424 2015-06-08] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 11:26 - 2015-12-13 11:29 - 00029567 _____ C:\Users\admin\Desktop\FRST.txt
2015-12-13 11:24 - 2015-12-13 11:26 - 00628314 _____ C:\WINDOWS\SPSS 17 Uninstall Log.txt
2015-12-13 11:13 - 2015-12-13 11:13 - 00016148 _____ C:\WINDOWS\system32\CHRISTHOMAS_admin_HistoryPrediction.bin
2015-12-13 05:33 - 2015-12-13 05:34 - 00000000 ____D C:\WINDOWS\system32\config\mybackup
2015-12-13 05:07 - 2015-12-13 05:07 - 00000000 ___HD C:\$Windows.~BT
2015-12-13 05:07 - 2015-12-13 05:07 - 00000000 _____ C:\Recovery.txt
2015-12-13 05:06 - 2015-12-13 05:07 - 00000000 ___HD C:\$SysReset
2015-12-12 21:59 - 2015-12-13 11:29 - 00000000 ____D C:\FRST
2015-12-12 21:58 - 2015-12-12 21:59 - 02369536 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-12-12 21:46 - 2015-12-12 21:46 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-12 21:37 - 2015-12-12 21:37 - 00278304 _____ C:\WINDOWS\Minidump\121215-39453-01.dmp
2015-12-12 21:16 - 2015-12-12 21:25 - 00313504 _____ C:\WINDOWS\ntbtlog.txt
2015-12-12 20:46 - 2015-12-12 20:46 - 00000000 ____D C:\Users\admin\AppData\Local\AvgSetupLog
2015-12-12 20:46 - 2015-12-12 20:46 - 00000000 ____D C:\Users\admin\AppData\Local\Avg
2015-12-12 20:35 - 2015-12-12 20:35 - 00000000 ____D C:\7200e41f036706b356537d
2015-12-12 20:30 - 2015-12-12 20:30 - 00000000 ____D C:\WINDOWS\system32\fafg
2015-12-12 18:16 - 2015-12-12 17:55 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\admin\Desktop\SpyHunter-Installer.exe
2015-12-12 17:13 - 2015-12-12 17:13 - 00000000 ____D C:\WINDOWS\system32\toic
2015-12-12 16:43 - 2015-12-12 20:43 - 00000470 _____ C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_3431303934343133382d5737325a786c5a3237344541.job
2015-12-12 16:42 - 2015-12-12 16:42 - 00000000 ____D C:\WINDOWS\system32\goj
2015-12-12 16:40 - 2015-12-12 16:42 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-12-12 16:40 - 2015-12-12 16:40 - 00004408 _____ C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_3431303934343133382d57783245782a5a3437324557
2015-12-12 16:40 - 2015-12-12 16:40 - 00003682 _____ C:\WINDOWS\System32\Tasks\ShopperProJSUpd
2015-12-12 16:40 - 2015-12-12 16:40 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-12-12 16:40 - 2015-12-12 16:40 - 00000000 ____D C:\ProgramData\ShopperPro
2015-12-12 16:32 - 2015-12-12 16:32 - 00003228 _____ C:\WINDOWS\System32\Tasks\{3B2335E8-805F-4B6D-9A2D-426160A3578E}
2015-12-12 16:24 - 2015-12-12 16:24 - 00000000 ____D C:\Users\admin\AppData\LocalLow\BitTorrent
2015-12-12 15:54 - 2015-12-12 21:38 - 00000410 __RSH C:\ProgramData\ntuser.pol
2015-12-12 15:47 - 2015-12-12 15:47 - 00003162 _____ C:\WINDOWS\System32\Tasks\spw3016
2015-12-12 15:25 - 2015-12-12 15:25 - 00000017 _____ C:\WINDOWS\SysWOW64\history.dat
2015-12-12 15:14 - 2015-12-12 21:37 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-12 15:14 - 2015-12-12 15:14 - 00284208 _____ C:\WINDOWS\Minidump\121215-31687-01.dmp
2015-12-12 15:11 - 2015-12-12 15:15 - 00004752 _____ C:\WINDOWS\SysWOW64\Coiiigsa.ini
2015-12-12 15:11 - 2015-12-12 15:15 - 00002464 _____ C:\WINDOWS\SysWOW64\CoiiigsaOff.ini
2015-12-12 15:11 - 2015-12-12 15:15 - 00002464 _____ C:\WINDOWS\system32\CoiiigsaOff.ini
2015-12-12 15:11 - 2015-12-12 15:11 - 00003416 _____ C:\WINDOWS\System32\Tasks\Zutykenb
2015-12-12 15:11 - 2015-12-12 15:11 - 00000000 ____D C:\Users\admin\AppData\Roaming\VautKue
2015-12-12 15:11 - 2015-12-12 15:11 - 00000000 ____D C:\Users\admin\AppData\Local\DeskBar
2015-12-12 15:11 - 2015-12-12 13:47 - 00375152 _____ C:\WINDOWS\system32\Coiiigsa64.dll
2015-12-12 15:11 - 2015-12-12 13:47 - 00289136 _____ C:\WINDOWS\SysWOW64\Coiiigsa.dll
2015-12-12 15:07 - 2015-12-12 15:20 - 00000000 ____D C:\Users\admin\AppData\Roaming\RunDir
2015-12-12 15:07 - 2015-12-12 15:07 - 00004784 _____ C:\WINDOWS\SysWOW64\Ubazofi.ini
2015-12-12 15:07 - 2015-12-12 15:07 - 00002504 _____ C:\WINDOWS\SysWOW64\UbazofiOff.ini
2015-12-12 15:07 - 2015-12-12 15:07 - 00002504 _____ C:\WINDOWS\system32\UbazofiOff.ini
2015-12-12 15:07 - 2015-12-12 15:07 - 00000000 ____D C:\Users\admin\AppData\Roaming\NetService
2015-12-12 15:07 - 2015-12-12 13:52 - 00375144 _____ C:\WINDOWS\system32\Ubazofi64.dll
2015-12-12 15:07 - 2015-12-12 13:52 - 00289128 _____ C:\WINDOWS\SysWOW64\Ubazofi.dll
2015-12-12 15:06 - 2015-12-12 15:11 - 00000000 ____D C:\Users\admin\AppData\Local\Tempfolder
2015-12-12 15:06 - 2015-12-12 15:06 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-12-12 15:06 - 2015-12-12 15:06 - 00003416 _____ C:\WINDOWS\System32\Tasks\Rerlaply
2015-12-12 15:06 - 2015-12-12 15:06 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Company
2015-12-12 15:06 - 2015-12-12 15:06 - 00000000 ____D C:\Users\admin\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-12 15:06 - 2015-12-12 15:06 - 00000000 ____D C:\uninst
2015-12-12 15:05 - 2015-12-12 16:31 - 00000000 ____D C:\Users\admin\AppData\Local\SmartWeb
2015-12-12 15:05 - 2015-12-12 16:23 - 00000366 ____H C:\WINDOWS\Tasks\SXJVXMRYODXGIOSL.job
2015-12-12 15:05 - 2015-12-12 15:05 - 00004134 _____ C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-12-12 15:05 - 2015-12-12 15:05 - 00003442 _____ C:\WINDOWS\System32\Tasks\SXJVXMRYODXGIOSL
2015-12-12 15:05 - 2015-12-12 15:05 - 00000000 ____D C:\ProgramData\Service1291
2015-12-12 15:05 - 2015-12-12 15:05 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-12-12 14:17 - 2015-12-12 14:20 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-12-12 14:16 - 2015-12-12 14:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\SpringFiles
2015-12-12 14:15 - 2015-12-12 14:15 - 00185856 _____ C:\WINDOWS\rsrcs.dll
2015-12-12 14:15 - 2015-12-12 14:15 - 00003266 _____ C:\WINDOWS\System32\Tasks\Diner Builder
2015-12-12 14:15 - 2015-12-12 14:15 - 00003254 _____ C:\WINDOWS\System32\Tasks\Diner Builder2
2015-12-12 14:15 - 2015-12-12 14:15 - 00000966 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-12 14:15 - 2015-12-12 14:15 - 00000000 ____D C:\Users\admin\AppData\Local\Diner Builder
2015-12-12 14:15 - 2015-12-12 14:15 - 00000000 ____D C:\ProgramData\27d21954-6c17-1
2015-12-12 14:15 - 2015-12-12 14:15 - 00000000 ____D C:\ProgramData\27d21954-0ff7-0
2015-12-12 14:13 - 2015-12-12 14:13 - 00000000 ____D C:\Users\admin\AppData\Local\Nico Mak Computing
2015-12-12 14:12 - 2015-12-12 14:19 - 00000000 ____D C:\ProgramData\WinZip
2015-12-12 14:07 - 2015-12-12 14:07 - 00000000 ____D C:\ProgramData\UniqueId
2015-12-11 20:29 - 2015-12-12 15:06 - 00056728 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-12-10 13:19 - 2015-12-13 08:44 - 00000000 ____D C:\Users\admin\Desktop\utmp
2015-12-10 13:19 - 2015-12-12 16:32 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8B2598D4-4884-43E4-9D3C-7205A56A6923}
2015-12-10 12:34 - 2015-12-10 12:33 - 00278624 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-12-10 12:33 - 2015-12-10 12:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Sun
2015-12-10 12:33 - 2015-12-10 12:33 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2015-12-10 12:22 - 2015-12-10 12:22 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-10 12:18 - 2015-12-13 08:39 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 12:12 - 2015-12-10 12:12 - 06420480 _____ C:\Program Files (x86)\GUT2D9F.tmp
2015-12-10 12:12 - 2015-12-10 12:12 - 00000000 ____D C:\Program Files (x86)\GUM2D9E.tmp
2015-11-23 13:29 - 2015-11-23 13:29 - 00000000 ____D C:\Users\admin\AppData\Local\OfficeBSCache-MyComputer
2015-11-23 13:22 - 2015-11-23 13:22 - 00000000 ____D C:\Program Files\Recuva
2015-11-19 21:12 - 2015-12-10 12:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-19 21:12 - 2015-11-19 21:12 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-11-18 13:21 - 2015-11-18 13:21 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-17 12:56 - 2015-11-18 13:17 - 00000000 ____D C:\Users\admin\AppData\Local\LogMeIn Rescue Applet
2015-11-13 09:34 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-13 09:34 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-13 09:34 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-13 09:34 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-13 09:34 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-13 09:34 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-13 09:34 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-13 09:34 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-13 09:34 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-13 09:34 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-13 09:34 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-13 09:34 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-13 09:34 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-13 09:34 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-13 09:34 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-13 09:34 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-13 09:34 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-13 09:34 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-13 09:34 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-13 09:34 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-13 09:34 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-13 09:34 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-13 09:34 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-13 09:34 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-13 09:34 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-13 09:34 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-13 09:34 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-13 09:34 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-13 09:34 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-13 09:33 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-13 09:33 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-13 09:33 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-13 09:33 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-13 09:33 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-13 09:33 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-13 09:33 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-13 09:33 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-13 09:33 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-13 09:33 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-13 09:33 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-13 09:33 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-13 09:33 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-13 09:33 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-13 09:33 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-13 09:33 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-13 09:33 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-13 09:33 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-13 09:33 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-13 09:33 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-13 09:33 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-13 09:33 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-13 09:33 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-13 09:33 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 11:29 - 2013-09-28 18:01 - 00000600 _____ C:\Users\admin\PUTTY.RND
2015-12-13 11:27 - 2015-07-10 09:05 - 00000000 ____D C:\Windows
2015-12-13 11:26 - 2013-11-03 17:03 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2015-12-13 11:15 - 2015-08-17 12:24 - 00000000 ____D C:\Users\admin
2015-12-13 11:11 - 2014-03-02 10:01 - 00000370 _____ C:\WINDOWS\Tasks\AmiUpdXp.job
2015-12-13 10:59 - 2015-08-17 12:23 - 01009718 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-13 10:59 - 2015-07-10 11:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-13 10:47 - 2013-11-03 14:47 - 00000292 _____ C:\WINDOWS\Tasks\DigitalSite.job
2015-12-13 10:43 - 2014-06-28 16:23 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA.job
2015-12-13 10:38 - 2012-08-19 02:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-13 09:43 - 2014-06-28 16:23 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core.job
2015-12-13 08:51 - 2015-08-17 12:47 - 00002616 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-13 08:48 - 2015-07-10 11:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-13 08:48 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-13 08:41 - 2014-08-13 08:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Spotify
2015-12-13 08:40 - 2014-08-13 09:00 - 00000000 ____D C:\Users\admin\AppData\Local\Spotify
2015-12-13 05:07 - 2015-08-17 21:15 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-12 22:07 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-12 21:51 - 2015-10-03 16:48 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-12-12 21:51 - 2015-10-03 16:48 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-12-12 21:51 - 2015-10-03 16:48 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-12-12 21:51 - 2015-10-03 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-12-12 21:38 - 2013-07-04 14:18 - 00000503 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-12-12 21:37 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-12 21:36 - 2013-06-28 20:00 - 281157024 _____ C:\WINDOWS\MEMORY.DMP
2015-12-12 20:50 - 2015-09-08 17:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-12 20:30 - 2015-07-10 09:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-12-12 20:01 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-12 16:42 - 2014-11-29 18:26 - 00000000 ___RD C:\Users\admin\OneDrive
2015-12-12 16:34 - 2013-06-27 03:43 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2015-12-12 16:27 - 2013-06-28 20:13 - 00000000 ___RD C:\Users\admin\Dropbox
2015-12-12 16:27 - 2013-06-28 20:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2015-12-12 16:25 - 2015-10-03 16:48 - 00000000 ___RD C:\Users\admin\Google Drive
2015-12-12 16:24 - 2013-06-29 17:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent
2015-12-12 15:57 - 2015-08-17 12:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-12 15:52 - 2009-07-14 03:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-12-12 15:27 - 2014-03-02 10:01 - 00003442 _____ C:\WINDOWS\System32\Tasks\AmiUpdXp
2015-12-12 14:51 - 2014-01-15 15:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2015-12-12 14:51 - 2014-01-15 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-12 14:43 - 2015-01-27 12:41 - 00002255 _____ C:\Users\admin\Desktop\Chrome App Launcher.lnk
2015-12-12 13:48 - 2014-12-01 08:55 - 00000000 ____D C:\Users\admin\AppData\Local\E66673C4-8B55-4180-B023-460EC7F40E67.aplzod
2015-12-12 10:26 - 2015-08-17 13:02 - 00002404 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-10 18:27 - 2014-01-13 10:28 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2015-12-10 17:44 - 2014-06-28 16:23 - 00004048 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA
2015-12-10 17:44 - 2014-06-28 16:23 - 00003672 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core
2015-12-10 12:35 - 2013-12-09 12:21 - 00000000 ____D C:\ProgramData\Oracle
2015-12-10 12:34 - 2013-12-09 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-10 12:34 - 2013-07-31 15:12 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-10 12:33 - 2013-12-09 12:20 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-10 12:10 - 2015-07-10 12:20 - 04970024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-09 03:39 - 2012-08-19 01:35 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-05 15:07 - 2012-08-19 01:41 - 00000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2015-11-23 18:42 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-22 14:27 - 2013-07-24 15:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-22 12:51 - 2012-08-19 01:50 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-20 10:04 - 2012-08-19 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-19 21:15 - 2013-06-28 22:17 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2015-11-19 21:13 - 2015-01-08 09:52 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-19 21:12 - 2013-06-28 22:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-19 21:12 - 2012-08-19 02:48 - 00000000 ____D C:\ProgramData\Adobe
2015-11-18 13:36 - 2015-07-10 11:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-18 13:21 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-18 13:13 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-17 12:32 - 2015-10-03 16:50 - 00000000 ____D C:\Users\admin\AppData\Local\Comms

==================== Files in the root of some directories =======

2015-12-10 12:12 - 2015-12-10 12:12 - 6420480 _____ () C:\Program Files (x86)\GUT2D9F.tmp
2013-11-03 15:47 - 2014-01-15 10:00 - 0000113 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2013-12-31 16:04 - 2014-01-03 10:31 - 0000005 _____ () C:\Users\admin\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-03 15:47 - 2014-01-15 10:00 - 0000005 _____ () C:\Users\admin\AppData\Roaming\WBPU-TTL.DAT
2014-04-21 10:50 - 2014-10-05 17:24 - 0007168 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-21 21:35 - 2011-11-21 21:35 - 0010275 _____ () C:\ProgramData\regid.1995-04.com.kistler_2B134736-2DB6-488E-BB15-FC19631EE635.swidtag
2011-11-22 13:54 - 2011-11-22 13:54 - 0010260 _____ () C:\ProgramData\regid.1995-04.com.kistler_FE724B72-8B8B-4B49-85FE-24AC4E84CC09.swidtag

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\amisetup0839__16165.exe
C:\Users\admin\AppData\Local\Temp\amisetup5185__15940.exe
C:\Users\admin\AppData\Local\Temp\avg1F0A.exe
C:\Users\admin\AppData\Local\Temp\avgB12D.exe
C:\Users\admin\AppData\Local\Temp\avgDDAC.exe
C:\Users\admin\AppData\Local\Temp\avgEE99.exe
C:\Users\admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabi_j3.dll
C:\Users\admin\AppData\Local\Temp\f9IgQ6Jn1q.exe
C:\Users\admin\AppData\Local\Temp\fsd6323.exe
C:\Users\admin\AppData\Local\Temp\fsd817.exe
C:\Users\admin\AppData\Local\Temp\hKh5zAQo2E.exe
C:\Users\admin\AppData\Local\Temp\jdG0oV4TCa.exe
C:\Users\admin\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\admin\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\admin\AppData\Local\Temp\l3sQsQrdR1.exe
C:\Users\admin\AppData\Local\Temp\oprun14485.exe
C:\Users\admin\AppData\Local\Temp\oprun202.exe
C:\Users\admin\AppData\Local\Temp\oprun25567.exe
C:\Users\admin\AppData\Local\Temp\oprun26449.exe
C:\Users\admin\AppData\Local\Temp\Ryan Holiday The Obstacle Is Downloader__3687_i1780645052_il1742732.exe
C:\Users\admin\AppData\Local\Temp\SpOrder.dll
C:\Users\admin\AppData\Local\Temp\tu17p84.exe
C:\Users\admin\AppData\Local\Temp\Uninstall.exe
C:\Users\admin\AppData\Local\Temp\UninstallModule.exe
C:\Users\admin\AppData\Local\Temp\ZLPcxP28sR.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 11:00] - [2015-07-10 11:00] - 0680256 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\WINDOWS\system32\dnsapi.dll => no Company Name <===== ATTENTION

C:\WINDOWS\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-13 09:09

==================== End of FRST.txt ============================
ryno_21

Re: Unable to remove Trojan:Win64/patched.az.gen!dll

Unread postby ryno_21 » December 13th, 2015, 11:31 am

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by admin (2015-12-13 11:29:32)
Running from C:\Users\admin\Desktop
Windows 10 Pro (X64) (2015-08-17 12:50:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3515164915-2860861682-270758949-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3515164915-2860861682-270758949-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515164915-2860861682-270758949-503 - Limited - Disabled)
Guest (S-1-5-21-3515164915-2860861682-270758949-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3515164915-2860861682-270758949-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{935D195D-0E7A-3D63-5B66-70E6D13E6C03}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
Ballistic Measurement System (HKLM-x32\...\Ballistic Measurement System_is1) (Version: 2015.0.0 - Innervations)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverIdentifier 4.2.7 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Freemake Video Converter version 4.1.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.1 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{A772EA32-AE5B-4474-BFC0-4C69C04AFF6A}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kinovea (HKLM-x32\...\Kinovea) (Version: 0.8.15 - Kinovea)
Kistler BioWare (HKLM-x32\...\{DABF95C0-16FB-4493-BBB2-B050B4E6C982}) (Version: 5.1.1.0 - Kistler Instrument Group)
Kistler DataServer (HKLM-x32\...\{0479EFA6-278B-4031-9004-BFEF8EEE3415}) (Version: 1.3.0.2002 - Kistler Instrument Group)
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version: - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
PC Data App (HKLM-x32\...\PCData App) (Version: - ) <==== ATTENTION
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
Visual3D v5 Educational Textbook Version (HKLM-x32\...\{C27B0E0C-87A7-4723-94A3-0C43F79F1582}_is1) (Version: 5.00.26 - C-Motion, Inc.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/18/2013 2.08.28) (HKLM\...\9E24492CE9279512BD465F61DB8523641BB7BBFC) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/18/2013 2.08.28) (HKLM\...\E61B77ECE57113AE1CA028BC7A8AD6C137BD13DD) (Version: 01/18/2013 2.08.28 - FTDI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515164915-2860861682-270758949-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

13-12-2015 11:22:06 Removed calibre

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2015-12-12 14:15 - 00000966 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C65352E-53D8-4B7D-A441-CE3712B05573} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0FCB86A0-0086-4742-BD3A-943A1EDB0088} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {12BC0AE8-37EE-46F1-9C0A-A9BEE258CC28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {191C4972-F4DE-4FED-A12C-BB5121E8C9D8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1A1B5FFE-8AC6-4E11-BE8E-5172E74549A6} - System32\Tasks\AmiUpdXp => C:\Users\admin\AppData\Local\22813\Updater.exe [2014-10-06] () <==== ATTENTION
Task: {1C408272-3246-4CDC-93E9-405A4A13EE17} - System32\Tasks\{8D2D7D51-DEA4-4840-BD91-7495A7F85ED3} => pcalua.exe -a C:\Users\admin\Downloads\chromeinstall-8u40.exe -d C:\Users\admin\Downloads
Task: {1DB03B80-DAB6-452F-AD59-40BBD215BAC3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1F6808B2-08FD-4392-B127-5DDEF786A890} - System32\Tasks\{063A0F41-9B35-450D-A49B-B89A237A427F} => C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
Task: {24AF0F45-0C06-4A68-A941-81F1212CAE9A} - System32\Tasks\{3E6BB2CE-BD98-4E94-B6C5-116FE3E6625C} => C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
Task: {26525853-27B4-4655-9285-735162100E05} - System32\Tasks\{D4F5AE6C-9830-4EC0-9E37-1A36ABAE145F} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {3994D9BC-40C4-4700-AA58-74A1A8AB7875} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3FAF17D6-A004-410D-9EC1-CBB90B5DF3A9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {41B777DE-65CF-4B88-8DC6-88B2E81699A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4C7C3A89-124E-4A53-B92D-194ECE851344} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {65264A1F-7725-4335-A368-225B3E852A25} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {687A5D15-A26C-41CF-A40E-39F239AD3952} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {700B27B2-72B4-4CAC-9460-F3F47B35EFF3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-18] (Microsoft Corporation)
Task: {71CC0D86-7FED-4939-A027-3ABAA3FB8F3C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {8A973949-A47E-4A9E-AF3A-6D6DCEBEF2A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8D5EEB58-929C-4081-AEFE-E8DF4980F972} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {9E51DD61-2299-4564-B918-1DBB6AEAC8C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9E74519F-C362-439F-9398-5E14AAAB2BCE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-22] (Microsoft Corporation)
Task: {9E868C58-839F-4975-82F1-79B49DDB16DC} - System32\Tasks\DigitalSite => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A5C25BDB-3DFB-4423-BD83-22B7A514ED63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B34E784E-E07B-4AE3-A2E8-F11509E0371D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B7C81D7F-3FE3-4092-8EEF-CA54422D3108} - System32\Tasks\{5B12BB56-6629-429F-A780-5F4926CE1213} => pcalua.exe -a E:\BioWare5_1_1\InstaCal_setup_v622.exe -d E:\BioWare5_1_1
Task: {C183EFB9-89CF-4812-8CD6-B91A98435537} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {C3543460-945B-4E23-9EED-FF31D9C4DC72} - System32\Tasks\{E35AD483-8B30-4C79-B0F9-5EA57C5A57E3} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {CB9BFB18-099C-4ED9-A993-2EF256A43126} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {DCACE629-14B6-470E-ACEF-33FA4D4C97C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-10] (Adobe Systems Incorporated)
Task: {E09A24CF-42FB-4202-A728-DD2D1A7EDE60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E1D608CB-B1E9-407A-9C5E-37B9B3736F1E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {E7774606-2E3C-4D5E-BD6C-9EFE5231C110} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EAA0AF51-7DAD-4A68-8921-61A0B945D59E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {F2C24A68-CD60-4C01-AB33-986DB8EA643F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FA090E4B-733E-4BD7-B7F5-3EBE6B99931F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\admin\AppData\Local\22813\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DigitalSite.job => C:\Users\admin\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_3431303934343133382d5737325a786c5a3237344541.job => Wscript.exe S/B C:\ProgramData\ShopperPro\spbihe.js spbiu.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SXJVXMRYODXGIOSL.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1449929700&a=1024132&src=sh&uuid=b52dc2a9-b058-401e-b2f1-ad7994814e13" <==== ATTENTION
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://esurf.biz/?ssid=1449929700&a=1024132&src=sh&uuid=b52dc2a9-b058-401e-b2f1-ad7994814e13" <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1449929700&a=1024132&src=sh&uuid=b52dc2a9-b058-401e-b2f1-ad7994814e13" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?02ae8dc93080e2abc54b3e56c83ba3ee2519540 <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://esurf.biz/?ssid=1449929700&a=1024132&src=sh&uuid=b52dc2a9-b058-401e-b2f1-ad7994814e13" --proxy-pac-url=hxxp://unstopp.me/wpad.dat?02ae8dc93080e2abc54b3e56c83ba3ee2519540 <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 11:00 - 2015-07-10 11:00 - 00680256 _____ () C:\WINDOWS\system32\DNSAPI.dll
2015-08-17 21:09 - 2015-08-17 21:09 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 11:00 - 2015-07-10 11:00 - 00680256 _____ () c:\windows\system32\DNSAPI.dll
2015-07-10 11:00 - 2015-07-10 11:00 - 00680256 _____ () C:\WINDOWS\System32\DNSAPI.dll
2015-08-20 02:38 - 2015-08-11 09:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-18 13:21 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-07-10 11:00 - 2015-07-10 11:00 - 00680256 _____ () C:\WINDOWS\SYSTEM32\DNSAPI.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-03 10:45 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 10:45 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-18 13:29 - 2015-11-18 13:29 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-12-04 13:08 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2015-10-03 10:44 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2013-12-24 13:42 - 2013-12-24 13:42 - 02016992 _____ () C:\Users\admin\Desktop\U1304.exe
2015-12-10 12:41 - 2015-12-10 12:41 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 12:41 - 2015-12-10 12:41 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 21:09 - 2015-11-19 21:09 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-10 12:38 - 2015-12-10 12:38 - 03492352 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.4020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-11-19 21:05 - 2015-11-19 21:06 - 09074176 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-11-19 21:05 - 2015-11-19 21:06 - 02416640 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2015-05-15 15:27 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-13 08:40 - 2015-12-13 08:40 - 00098816 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32api.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00110080 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\pywintypes27.dll
2015-12-13 08:40 - 2015-12-13 08:40 - 00364544 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\pythoncom27.dll
2015-12-13 08:40 - 2015-12-13 08:40 - 00046080 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\_socket.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 01208320 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\_ssl.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00320512 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32com.shell.shell.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00776704 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\_hashlib.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 01176576 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\wx._core_.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00806400 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\wx._gdi_.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00816128 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\wx._windows_.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 01067008 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\wx._controls_.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00733184 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\wx._misc_.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00682496 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\pysqlite2._sqlite.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00088064 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\_ctypes.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00119808 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32file.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00108544 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32security.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00007168 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\hashobjs_ext.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00017920 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\thumbnails_ext.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00079360 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\usb_ext.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00167936 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32gui.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00018432 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32event.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00128512 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\_elementtree.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00127488 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\pyexpat.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00013824 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\common.time34.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00036864 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\_psutil_windows.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00038912 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32inet.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00525640 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\windows._lib_cacheinvalidation.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00011264 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32crypt.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00077312 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\wx._html2.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00027136 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\_multiprocessing.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00020480 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\_yappi.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00035840 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32process.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00686080 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\unicodedata.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00123392 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\wx._wizard.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00024064 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32pipe.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00010240 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\select.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00025600 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32pdh.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00017408 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32profile.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00022528 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\win32ts.pyd
2015-12-13 08:40 - 2015-12-13 08:40 - 00078848 _____ () C:\Users\admin\AppData\Local\Temp\_MEI87242\wx._animate.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\google.com -> hxxps://accounts.google.com
IE trusted site: HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\sharepoint.com -> hxxps://testlivesalfordac.sharepoint.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{F27E1DFA-AC39-48A2-90DD-C70AD91932CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{02D3633F-245A-460F-A12F-66477E2B407E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EC5B5E21-EEA4-4B13-9A0F-982C3DAE6035}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7EEE148F-428C-420C-923B-4647CD2F8B06}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{41182754-764E-42F7-B038-C349BA3BC621}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3064164E-A20D-41EE-8D6E-3B3BBED8EC5C}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E3031186-17B1-4FAA-89F3-8B0798B66089}] => (Allow) LPort=1900
FirewallRules: [{87B7C276-6209-4EAE-90F5-8C036B000673}] => (Allow) LPort=2869
FirewallRules: [{1F3CFD3E-C3AC-40F8-8D6F-452699C360B5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CE4CAE57-0DFB-4D07-B6AF-C5CB244D4F0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B33E406F-E833-4E06-A488-BCF0923A1284}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{242ADDA0-69C1-4882-AB7D-1003F0BEFA92}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{566AE3BC-650D-4F36-B3F2-E45E10648303}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D86B63CE-5FEA-4B3F-A070-BB3CDDA45E75}] => (Allow) C:\Users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E81A3D57-1911-4942-B595-2481BF14B613}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{0C5FA3AD-D205-469B-82C8-6E8CB1EF0492}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{616C30D4-AD21-4853-ADF5-8D735ABA2A8C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{EAC9C857-E2E6-412F-9503-90A3F855B738}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{D9D7880B-6CE3-474C-9A55-297D5E6123DF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{F9C6B979-F9F9-4736-9891-82FF67832E87}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{CCFCAAC0-340A-42B9-A669-4E704BB4EF8B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{CDAAF369-D93D-4915-BD0A-FB4109175D23}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{26710DAA-2F12-497D-AF3A-C61D2CF3014C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{AEE49CFD-534F-480F-A573-25CD77D60248}C:\users\admin\desktop\u1401.exe] => (Allow) C:\users\admin\desktop\u1401.exe
FirewallRules: [TCP Query User{D442DE5A-FD10-49DA-8A65-9B10C494D461}C:\users\admin\desktop\u1401.exe] => (Allow) C:\users\admin\desktop\u1401.exe
FirewallRules: [UDP Query User{3CCB730C-2B28-49BB-8F6E-7709958B005F}C:\program files (x86)\spss 17\statistics.exe] => (Allow) C:\program files (x86)\spss 17\statistics.exe
FirewallRules: [TCP Query User{5F06DBC2-76E6-47CE-9CF4-C0C39919854B}C:\program files (x86)\spss 17\statistics.exe] => (Allow) C:\program files (x86)\spss 17\statistics.exe
FirewallRules: [UDP Query User{39695A44-2154-4EFF-A0E6-5E4DEC2E5F88}C:\users\admin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\admin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{2427B70C-45AA-4B93-B891-C5F5B75EA619}C:\users\admin\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\admin\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5B50DA02-07F5-464B-B4C1-AC2CCE3D74A5}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
FirewallRules: [TCP Query User{850CBD32-98BF-4A85-B455-9EBF73D0B700}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
FirewallRules: [UDP Query User{61AD69BF-FEFD-4478-81AF-8D3F0A528ABA}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
FirewallRules: [TCP Query User{0399A7D5-EE37-44A4-AC03-BA001B6DFCEC}C:\users\admin\desktop\u1304.exe] => (Allow) C:\users\admin\desktop\u1304.exe
FirewallRules: [UDP Query User{1CDC39C3-98E9-4289-AD9B-7994FA89A7F1}C:\users\admin\desktop\u1303.exe] => (Allow) C:\users\admin\desktop\u1303.exe
FirewallRules: [TCP Query User{FC41650A-C989-48AF-9B11-54BFB14844FC}C:\users\admin\desktop\u1303.exe] => (Allow) C:\users\admin\desktop\u1303.exe
FirewallRules: [UDP Query User{CE65A635-9F43-426E-A082-D5B5328C1FF9}C:\users\admin\desktop\u1303.exe] => (Allow) C:\users\admin\desktop\u1303.exe
FirewallRules: [TCP Query User{93CCBABC-C4C7-4D29-8F48-5E89A46849F4}C:\users\admin\desktop\u1303.exe] => (Allow) C:\users\admin\desktop\u1303.exe
FirewallRules: [UDP Query User{A770FC49-EDD6-4329-9875-ADE68B8BA0D6}C:\users\admin\desktop\u1301.exe] => (Allow) C:\users\admin\desktop\u1301.exe
FirewallRules: [TCP Query User{35A9D6FE-AD6F-489B-845C-0AE260B96A0E}C:\users\admin\desktop\u1301.exe] => (Allow) C:\users\admin\desktop\u1301.exe
FirewallRules: [UDP Query User{81E30FB0-59B0-46A9-9928-A9B91230A1C3}C:\users\admin\desktop\u1301.exe] => (Allow) C:\users\admin\desktop\u1301.exe
FirewallRules: [TCP Query User{EDD56D93-439F-4E9B-B805-D02E8B30736F}C:\users\admin\desktop\u1301.exe] => (Allow) C:\users\admin\desktop\u1301.exe
FirewallRules: [UDP Query User{7168BB6F-D5A6-48DB-AF7D-F566286B110E}C:\users\admin\appdata\local\temp\wz1d17\u1301.exe] => (Allow) C:\users\admin\appdata\local\temp\wz1d17\u1301.exe
FirewallRules: [TCP Query User{8872822E-B67E-4696-B6E2-BB8DB7167B62}C:\users\admin\appdata\local\temp\wz1d17\u1301.exe] => (Allow) C:\users\admin\appdata\local\temp\wz1d17\u1301.exe
FirewallRules: [UDP Query User{7003776B-06DB-429C-A7C0-99697E26AD5E}C:\users\admin\appdata\local\temp\wze9a9\u1301.exe] => (Allow) C:\users\admin\appdata\local\temp\wze9a9\u1301.exe
FirewallRules: [TCP Query User{43B91A6B-282F-4CB1-BE84-72BCB9E1D630}C:\users\admin\appdata\local\temp\wze9a9\u1301.exe] => (Allow) C:\users\admin\appdata\local\temp\wze9a9\u1301.exe
FirewallRules: [UDP Query User{1668F5F6-0978-4A8A-A754-6FE43EE6657F}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F83C5337-0457-452A-A24D-4812009FA5FF}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2B2C2FC8-160F-4443-B4B0-E0A3221342D7}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{EB47B5F2-BEBC-42F1-9034-ED9F932E94A3}C:\users\admin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\admin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7D95C96E-07B4-4E34-8104-D0253FA39BDF}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{437E1F4C-8039-4541-BD10-55A6D805C0FE}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [UDP Query User{2095CB0E-A578-40DA-BD65-63115A49A36B}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{AB099CA1-0CD2-477C-B0FF-E95D48ED84B8}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{8BF7801A-7790-4A0F-9B58-658CD371A279}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E7DAC4B4-A4A5-4D64-9C82-DD941F6D9719}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F12CFC3D-6CDC-4F3B-B7B4-1D69B6723885}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{559F5A6D-B143-4C85-99CB-468057135901}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{11336C35-820D-490B-BB8B-233013197C32}C:\program files (x86)\spss 17\statistics.exe] => (Allow) C:\program files (x86)\spss 17\statistics.exe
FirewallRules: [TCP Query User{9273698C-D524-4457-8BFE-13138E965ADF}C:\program files (x86)\spss 17\statistics.exe] => (Allow) C:\program files (x86)\spss 17\statistics.exe
FirewallRules: [{BEB4A2AA-7832-4645-BAF1-96474FA0C946}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8C1283A7-78A7-49D4-B4C4-CC4F61518913}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{243A7294-420C-4CF3-BE71-E0950DA09FC6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{BA85681A-6178-45AD-8D53-094935058DE7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2015 11:22:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/13/2015 11:07:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2015 11:06:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2015 08:41:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2015 08:39:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2015 10:47:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2015 10:34:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2015 10:32:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2015 10:25:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2015 10:24:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRISTHOMAS)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (12/13/2015 11:23:30 AM) (Source: hpdskflt) (EventID: 1001) (User: )
Description:

Error: (12/13/2015 11:07:44 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTHOMAS)
Description: CortanaUI

Error: (12/13/2015 11:06:34 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTHOMAS)
Description: CortanaUI

Error: (12/13/2015 10:56:16 AM) (Source: hpdskflt) (EventID: 1001) (User: )
Description:

Error: (12/13/2015 10:34:11 AM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
Description: 0x810x20x10xfe0x00x0

Error: (12/13/2015 09:11:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (12/13/2015 09:10:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

Error: (12/13/2015 08:41:15 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTHOMAS)
Description: CortanaUI

Error: (12/13/2015 08:39:53 AM) (Source: DCOM) (EventID: 10010) (User: CHRISTHOMAS)
Description: CortanaUI

Error: (12/12/2015 10:47:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-12-13 09:16:53.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-13 09:12:58.297
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-13 08:54:05.761
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-13 08:54:05.727
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-13 08:54:05.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-13 08:43:46.897
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-12 22:09:25.159
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-12 22:09:23.993
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-12 22:09:23.146
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-12 22:09:22.480
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 50%
Total physical RAM: 4046.35 MB
Available physical RAM: 1982.89 MB
Total Virtual: 8142.35 MB
Available Virtual: 5475.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.5 GB) (Free:177.25 GB) NTFS
Drive f: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:886.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6A6731BE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=507 MB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 81B13894)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
ryno_21
Member+
 
Posts: 4
Joined: December 13th, 2015, 11:21 am

Re: Unable to remove Trojan:Win64/patched.az.gen!dll

Unread postby NonSuch » December 13th, 2015, 7:32 pm

Unfortunately, as you have opened your topic with multiple posts, the topic must be closed as it would likely go unnoticed by helpers who are looking for topics that have only a single post.

The following is an excerpt from the instructions at the below link, which you should have read and followed. Please take particular note of the portion I have highlighted in red.

viewtopic.php?p=491381#p491381

Gary R wrote: IMPORTANT:

  • Only post the information asked for above. If you have logs from additional scanners mention them along with your symptoms, but do not post any additional logs unless your helper asks for them.
  • Do not make any more posts to your topic until you have received a reply from a helper. Helpers here look for topics with zero replies, and if you have replied to your own topic they will assume you're already being helped. This will delay you getting the help you need.
  • Because this is a teaching forum, we prefer logs to be posted, not attached. Do not attach your logs unless their size is such that the forum software tells you that they exceed the character limit for a post. In this case only, you may attach your logs; however, you must state in your post why you have attached your logs and not posted them. Failure to do so will result in your topic being closed.


Under normal circumstances, we do not permit the use of attachments; however, we realize that when a topic is started with multiple posts, instead of a single post, that topic will most likely be overlooked by helpers who are looking for topics that have not yet received a response; therefore, we must close such topics and request that the topic starter begin a new topic.

This topic will now be closed.

If you still require help, please open a new thread in the Malware Removal forum. If the requested logs fail to fit in ONE post, then post the requested logs as attachments, and wait for assistance.
NonSuch
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California