Windows 7: Unknown virus

27 Jul 2017   #1
max kragen

Win7 x64
 
 
Unknown virus

Hi. I don't know much about this stuff but I do know something is wrong. The three screenshots provided will give you an example of what is currently happening on my computer. The items highlighted in red are embedded on these pages and others, and after running multiple malware and antivirus programs, the problem remains. Yes, I am guilty of running torrent sessions with uTorrent but have now uninstalled it and will never do it again. Thank you for any and all help.




Attached Thumbnails
Unknown virus-sample1.jpg   Unknown virus-sample2.jpg   Unknown virus-sample3.jpg  
27 Jul 2017   #2
mrjimphelps

Dual Boot Linux Mint 32-bit / Windows 7 Professional 64-bit
 
 

So what is it that you are concerned about?
27 Jul 2017   #3
samuria

win 8 32 bit
 
 

Please download and save FRST 64bit or FRST 32 bit to your Desktop.

http://download.bleepingcomputer.com/farbar/FRST.exe

http://download.bleepingcomputer.com/farbar/FRST64.exe

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Make sure that Addition option is checked.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste the log back.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe).

27 Jul 2017   #4
max kragen

Win7 x64
 
 

@samuria Don't mean to sound rude because I do appreciate you trying to help, but that program pulled a lot of personal info to be posting to a public board. Is there another way?
27 Jul 2017   #5
samuria

win 8 32 bit
 
 

It's the top test to find viruses and is used by most groups.
27 Jul 2017   #6
max kragen

Win7 x64
 
 

I'm ok now, I replaced personal info with 'x'. Sorry for the delay, here it is but I have to do it in two posts because it is too long.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2017
Ran by Owner (administrator) on xxxxxx-PC (27-07-2017 18:37:32)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Twins & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Owner\Documents\GWX_control_panel.exe [4559944 2016-02-11] (UltimateOutsider)
HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\...\MountPoints2: {ae9ca562-1bc8-11e7-80ef-f4ce462c004a} - E:\LG_PC_Programs.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-217011151-2072011241-3863041349-1004\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76 75.75.76.76
Tcpip\..\Interfaces\{503FDFFA-D982-4EFB-B7A2-850941419CBC}: [DhcpNameServer] 75.75.75.75 75.75.76.76 75.75.76.76 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-217011151-2072011241-3863041349-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.accuweather.com/en/us/xxxxxxxxxxxxxxxxxxxx/weather-forecast/328763
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-25] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-25] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-18] (Wondershare)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-07-02] (Adobe Systems Incorporated)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-07-20]
FF HKLM-x32\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: (Ginger) - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com [2017-07-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [2017-07-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-12] ()
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-07-02] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-217011151-2072011241-3863041349-1001: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [2016-12-22] (Ginger Software)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.accuweather.com/en/us/xxxxxxxxxxxxxxxxxxxx/weather-forecast/328763"
CHR NewTab: Default -> Not-active:"chrome-extension://bemcnncgpajfnogocmhahokbmkecgdlb/redirect.html", Not-active:"chrome-extension://kellhjpbhbklbappamhkdibfdookjaki/index.html", Not-active:"chrome-extension://miocdidnaandmhoncmppenehgcaiachi/newtab/newtab.html"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-07-27]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-08]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-08]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-08]
CHR Extension: (NewtabTV) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bemcnncgpajfnogocmhahokbmkecgdlb [2017-07-26]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-08]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (ICE Quick Stream) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2017-05-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Spotflux Lite) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcakbkpmlidimpglgiaclbpgbedlmpfl [2017-07-23]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-08]
CHR Extension: (Full Screen Weather) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2016-06-09]
CHR Extension: (VideoCast (VLC/Chromecast)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclhodkofgoighinmongpkpncdpalejb [2016-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-09]
CHR Extension: (Default) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kellhjpbhbklbappamhkdibfdookjaki [2017-07-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-09]
CHR Extension: (Dawn) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgepljiacclppkjddmfbhappionalhij [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-08]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-217011151-2072011241-3863041349-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1517576 2017-03-20] ()
S2 GingerUpdateService; C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [527872 2016-12-22] (Ginger Software) [File not signed]
S2 Intel(R) PROSet Monitoring Service; C:\windows\system32\IProsetMonitor.exe [505856 2017-02-10] (Intel Corporation) [File not signed]
S3 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2016-06-15] (Arainia Solutions LLC)
S3 MxEFLF; C:\windows\system32\drivers\MxEFLF64.sys [116224 2011-08-16] (Matrox Graphics Inc.)
S3 MxEFUF; C:\windows\system32\drivers\MxEFUF64.sys [157696 2011-08-16] (Matrox Graphics Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-12-18] () [File not signed]
S3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 t_mouse.sys; C:\windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
28 Jul 2017   #7
samuria

win 8 32 bit
 
 

If you could post the second file (Addition), please.
28 Jul 2017   #8
max kragen

Win7 x64
 
 

Sorry, I did post it but for some reason it did not get added. Something about a mod must approve it before posting...anyway;

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-27 18:37 - 2017-07-27 18:38 - 00015263 _____ C:\Users\Owner\Downloads\FRST.txt
2017-07-27 18:37 - 2017-07-27 18:37 - 00000000 ____D C:\FRST
2017-07-27 18:36 - 2017-07-27 18:37 - 02381824 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-07-27 12:05 - 2017-07-27 12:05 - 00065312 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-27 11:55 - 2017-07-27 11:55 - 06299336 _____ (Piriform Ltd) C:\Users\Owner\Downloads\spsetup131.exe
2017-07-27 11:43 - 2017-07-27 11:43 - 00294112 _____ C:\windows\system32\FNTCACHE.DAT
2017-07-27 11:40 - 2017-07-27 11:40 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2017-07-27 11:35 - 2017-07-27 11:40 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-27 11:35 - 2017-07-27 11:35 - 11584088 _____ (SurfRight B.V.) C:\Users\Owner\Downloads\HitmanPro_x64.exe
2017-07-27 11:18 - 2017-07-27 11:18 - 00000000 ____D C:\SUPERDelete
2017-07-27 11:08 - 2017-07-27 14:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-07-27 11:07 - 2017-07-27 11:07 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-07-27 11:05 - 2017-07-27 11:05 - 04291320 _____ (BrightFort LLC ) C:\Users\Owner\Downloads\spywareblastersetup55.exe
2017-07-27 11:04 - 2017-07-27 11:07 - 00000000 ____D C:\ProgramData\TEMP
2017-07-27 11:04 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2017-07-27 10:37 - 2017-07-27 10:37 - 00030022 _____ C:\ProgramData\agent.uninstall.1501169816.bdinstall.bin
2017-07-27 09:53 - 2017-07-27 09:53 - 00029967 _____ C:\ProgramData\agent.update.1501167220.bdinstall.bin
2017-07-27 09:45 - 2017-07-27 09:45 - 00046848 _____ C:\ProgramData\agent.1501166741.bdinstall.bin
2017-07-26 23:44 - 2017-07-26 23:51 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2017-07-26 23:44 - 2017-07-26 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-26 23:44 - 2017-07-26 23:44 - 00000000 ____D C:\Program Files\CCleaner
2017-07-26 23:43 - 2017-07-26 23:43 - 00237056 _____ (Fix-KB) C:\Users\Owner\Downloads\DriveTidy.exe
2017-07-26 23:42 - 2017-07-26 23:42 - 09747512 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup532.exe
2017-07-26 23:23 - 2017-07-26 23:23 - 00000000 ____D C:\ProgramData\Bitdefender
2017-07-26 23:22 - 2017-07-26 23:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
2017-07-26 23:21 - 2017-07-26 23:21 - 00046647 _____ C:\ProgramData\agent.1501129300.bdinstall.bin
2017-07-26 23:21 - 2017-07-26 23:21 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-07-26 23:18 - 2017-07-26 23:18 - 64025992 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mb3-setup-1879.1879-3.1.2.1733-1.0.139-1.0.2060.exe
2017-07-26 23:17 - 2017-07-26 23:17 - 08465984 _____ C:\Users\Owner\Downloads\bitdefender_online.exe
2017-07-26 22:45 - 2017-07-27 01:22 - 00000000 ____D C:\Users\Owner\AppData\Local\llssoft
2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\zyr1m3bxyfu
2017-07-26 22:44 - 2017-07-27 02:01 - 00000000 ____D C:\Program Files (x86)\bkp1zkncaay
2017-07-26 22:44 - 2017-07-26 22:44 - 00140800 _____ C:\Users\Owner\AppData\Local\installer.dat
2017-07-26 22:44 - 2017-07-26 22:44 - 00011568 _____ C:\Users\Owner\AppData\Local\InstallationConfiguration.xml
2017-07-26 22:39 - 2017-07-27 01:22 - 00000000 ____D C:\Users\Owner\AppData\Local\bxgdvj
2017-07-26 22:39 - 2017-07-26 22:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\c
2017-07-25 20:07 - 2017-07-25 20:06 - 00110144 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll
2017-07-23 17:27 - 2017-07-27 11:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2017-07-23 16:49 - 2017-07-26 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TunnelBear
2017-07-23 16:49 - 2017-07-23 16:49 - 00000000 ____D C:\Users\Owner\AppData\Local\IsolatedStorage
2017-07-23 00:27 - 2015-02-27 14:38 - 00721263 _____ () C:\windows\SysWOW64\ISCM64.dll
2017-07-23 00:27 - 2015-02-27 14:38 - 00214528 _____ () C:\windows\SysWOW64\ISCM32.dll
2017-07-23 00:25 - 2016-08-22 16:31 - 00204800 _____ C:\ProgramData\WS_Log.dll
2017-07-23 00:11 - 2017-07-23 00:11 - 00000000 ____D C:\ProgramData\iSkysoft Video Converter Ultimate
2017-07-23 00:10 - 2017-07-27 01:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\iSkysoft iMedia Converter Deluxe
2017-07-23 00:10 - 2017-07-23 00:10 - 00000000 ____D C:\Users\Owner\Documents\iSkysoft iMedia Converter Deluxe
2017-07-23 00:10 - 2017-07-23 00:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2017-07-23 00:09 - 2017-07-27 01:40 - 00000000 ____D C:\ProgramData\iSkysoft iMedia Converter Deluxe
2017-07-23 00:09 - 2017-07-23 09:10 - 00000000 ____D C:\Program Files (x86)\iSkysoft
2017-07-23 00:09 - 2017-07-23 00:10 - 00000000 ____D C:\ProgramData\iSkysoft
2017-07-23 00:09 - 2017-07-23 00:09 - 00000000 ____D C:\Users\Owner\AppData\Local\iSkysoft
2017-07-23 00:09 - 2017-07-23 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2017-07-22 23:34 - 2017-07-22 23:34 - 52545957 ____R C:\Users\Owner\Downloads\iSkysoft iMedia Converter Deluxe v8.8.0.1 Setup + Crack.zip
2017-07-22 22:58 - 2017-07-22 22:58 - 00000000 ____D C:\Users\Owner\AppData\Local\VideoEditor
2017-07-22 22:58 - 2017-07-22 22:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Movavi
2017-07-22 22:57 - 2017-07-22 22:57 - 00005094 _____ C:\ProgramData\czchsjpj.srw
2017-07-22 22:57 - 2017-07-22 22:57 - 00000016 _____ C:\ProgramData\mntemp
2017-07-22 22:57 - 2017-07-22 22:57 - 00000000 ____D C:\ProgramData\Movavi Video Editor 12
2017-07-21 16:13 - 2017-07-21 16:13 - 00000000 ____D C:\Users\Owner\AppData\Roaming\PDAppFlex
2017-07-21 13:23 - 2017-07-27 00:11 - 00000000 ____D C:\Program Files (x86)\Ginger
2017-07-21 13:23 - 2017-07-21 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ginger
2017-07-20 21:27 - 2017-07-20 21:27 - 00153789 _____ C:\Users\Owner\Downloads\resume-xxxxxxxxxxxxx.pdf
2017-07-20 21:22 - 2017-07-20 21:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SolidDocuments
2017-07-20 21:22 - 2017-07-20 21:22 - 00000000 ____D C:\ProgramData\SolidDocuments
2017-07-20 20:52 - 2017-07-20 20:52 - 00000040 ____H C:\71DCE2716838
2017-07-20 20:52 - 2017-07-20 20:52 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-07-20 20:51 - 2017-07-20 20:51 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-07-20 20:51 - 2017-07-20 20:51 - 00002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-07-12 17:22 - 2017-06-29 01:27 - 25734656 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-07-12 17:22 - 2017-06-29 00:44 - 05975552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-07-12 17:22 - 2017-06-29 00:23 - 20270592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-07-12 17:22 - 2017-06-28 23:58 - 15253504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-07-12 17:22 - 2017-06-28 23:43 - 13663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-07-12 17:21 - 2017-06-29 23:15 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-07-12 17:21 - 2017-06-29 22:32 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-07-12 17:21 - 2017-06-29 21:57 - 02058240 _____ (Microsoft Corporation) C:\windows\system32\Query.dll
2017-07-12 17:21 - 2017-06-29 21:38 - 01363968 _____ (Microsoft Corporation) C:\windows\SysWOW64\Query.dll
2017-07-12 17:21 - 2017-06-29 01:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-07-12 17:21 - 2017-06-29 01:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-07-12 17:21 - 2017-06-29 01:04 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-07-12 17:21 - 2017-06-29 01:03 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-07-12 17:21 - 2017-06-29 01:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-07-12 17:21 - 2017-06-29 01:02 - 02899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-07-12 17:21 - 2017-06-29 01:02 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-07-12 17:21 - 2017-06-29 01:02 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-07-12 17:21 - 2017-06-29 00:55 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-07-12 17:21 - 2017-06-29 00:54 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-07-12 17:21 - 2017-06-29 00:51 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-07-12 17:21 - 2017-06-29 00:50 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-07-12 17:21 - 2017-06-29 00:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-07-12 17:21 - 2017-06-29 00:50 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-07-12 17:21 - 2017-06-29 00:50 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-07-12 17:21 - 2017-06-29 00:43 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-07-12 17:21 - 2017-06-29 00:39 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-07-12 17:21 - 2017-06-29 00:35 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-07-12 17:21 - 2017-06-29 00:31 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-07-12 17:21 - 2017-06-29 00:31 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 17:21 - 2017-06-29 00:30 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-07-12 17:21 - 2017-06-29 00:27 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-07-12 17:21 - 2017-06-29 00:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-07-12 17:21 - 2017-06-29 00:23 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-07-12 17:21 - 2017-06-29 00:23 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-07-12 17:21 - 2017-06-29 00:23 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-07-12 17:21 - 2017-06-29 00:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-07-12 17:21 - 2017-06-29 00:22 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-07-12 17:21 - 2017-06-29 00:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-07-12 17:21 - 2017-06-29 00:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-07-12 17:21 - 2017-06-29 00:19 - 02290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-07-12 17:21 - 2017-06-29 00:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-07-12 17:21 - 2017-06-29 00:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-07-12 17:21 - 2017-06-29 00:14 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-07-12 17:21 - 2017-06-29 00:13 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-07-12 17:21 - 2017-06-29 00:13 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-07-12 17:21 - 2017-06-29 00:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-07-12 17:21 - 2017-06-29 00:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-07-12 17:21 - 2017-06-29 00:09 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-07-12 17:21 - 2017-06-29 00:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-07-12 17:21 - 2017-06-29 00:08 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-07-12 17:21 - 2017-06-29 00:07 - 02132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-07-12 17:21 - 2017-06-29 00:05 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-07-12 17:21 - 2017-06-29 00:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 17:21 - 2017-06-29 00:00 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-07-12 17:21 - 2017-06-29 00:00 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-07-12 17:21 - 2017-06-28 23:58 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-07-12 17:21 - 2017-06-28 23:56 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-07-12 17:21 - 2017-06-28 23:56 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-07-12 17:21 - 2017-06-28 23:54 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-07-12 17:21 - 2017-06-28 23:53 - 03240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-07-12 17:21 - 2017-06-28 23:52 - 04549632 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-07-12 17:21 - 2017-06-28 23:48 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-07-12 17:21 - 2017-06-28 23:47 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-07-12 17:21 - 2017-06-28 23:46 - 02057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-07-12 17:21 - 2017-06-28 23:46 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-07-12 17:21 - 2017-06-28 23:41 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-07-12 17:21 - 2017-06-28 23:29 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-07-12 17:21 - 2017-06-28 23:28 - 02767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-07-12 17:21 - 2017-06-28 23:24 - 01314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-07-12 17:21 - 2017-06-28 23:23 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-07-12 17:21 - 2017-06-22 09:58 - 03223040 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-07-12 17:21 - 2017-06-15 15:23 - 00753664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2017-07-12 17:21 - 2017-06-12 17:54 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2017-07-12 17:21 - 2017-06-12 17:54 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-07-12 17:21 - 2017-06-12 17:54 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-07-12 17:21 - 2017-06-12 17:49 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 01363456 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00594432 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2017-07-12 17:21 - 2017-06-12 17:49 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\pdhui.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-07-12 17:21 - 2017-06-12 17:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 01227264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00444928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2017-07-12 17:21 - 2017-06-12 17:29 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-07-12 17:21 - 2017-06-12 17:29 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\pdhui.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-07-12 17:21 - 2017-06-12 17:28 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-07-12 17:21 - 2017-06-12 17:19 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-07-12 17:21 - 2017-06-12 17:14 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
2017-07-12 17:21 - 2017-06-12 17:14 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\perfmon.exe
2017-07-12 17:21 - 2017-06-12 17:14 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\resmon.exe
2017-07-12 17:21 - 2017-06-12 17:12 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-07-12 17:21 - 2017-06-12 17:12 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-07-12 17:21 - 2017-06-12 17:12 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-07-12 17:21 - 2017-06-12 17:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-07-12 17:21 - 2017-06-12 17:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-07-12 17:21 - 2017-06-12 17:06 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
2017-07-12 17:21 - 2017-06-12 17:06 - 00157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\perfmon.exe
2017-07-12 17:21 - 2017-06-12 17:06 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\resmon.exe
2017-07-12 17:21 - 2017-06-12 17:05 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-07-12 17:21 - 2017-06-10 10:59 - 00313856 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-07-12 17:21 - 2017-06-10 10:39 - 00271360 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-07-12 17:21 - 2017-06-09 10:33 - 01680616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-07-12 17:21 - 2017-06-06 10:30 - 01867264 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-07-12 17:21 - 2017-06-06 10:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-07-12 17:21 - 2017-05-29 23:56 - 01895656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2017-07-12 17:21 - 2017-05-29 23:56 - 00377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-07-12 17:21 - 2017-05-29 23:56 - 00287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 17:21 - 2017-05-20 23:24 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2017-07-12 17:21 - 2017-05-20 23:06 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2017-07-12 17:21 - 2017-05-16 10:35 - 00986856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2017-07-12 17:21 - 2017-05-16 10:35 - 00265448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2017-07-12 17:21 - 2017-05-16 10:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
28 Jul 2017   #9
max kragen

Win7 x64
 
 

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-27 18:26 - 2016-06-12 17:45 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-27 16:02 - 2016-06-17 01:45 - 00000000 ____D C:\Users\Owner\AppData\Local\DayZ
2017-07-27 14:32 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2017-07-27 11:54 - 2009-07-13 23:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-27 11:54 - 2009-07-13 23:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-27 11:49 - 2009-07-14 00:13 - 00752568 _____ C:\windows\system32\PerfStringBackup.INI
2017-07-27 11:43 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-07-27 11:42 - 2016-06-09 11:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Wise Disk Cleaner
2017-07-27 11:42 - 2016-06-08 13:40 - 00065536 _____ C:\windows\system32\spu_storage.bin
2017-07-27 10:36 - 2017-04-08 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Opera Software
2017-07-27 10:36 - 2017-04-08 23:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Opera Software
2017-07-27 10:36 - 2016-06-08 12:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2017-07-27 02:01 - 2017-05-31 18:06 - 00000000 ____D C:\Users\Twins
2017-07-27 02:01 - 2016-06-13 14:50 - 00000000 ____D C:\windows\Minidump
2017-07-27 02:01 - 2016-06-08 10:12 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-27 02:01 - 2016-06-08 10:10 - 00000000 ____D C:\Users\Administrator
2017-07-27 02:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2017-07-27 00:11 - 2017-03-11 22:19 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-07-27 00:11 - 2017-03-09 12:32 - 00000000 ____D C:\ProgramData\IntelDLM
2017-07-27 00:11 - 2017-02-05 19:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\discord
2017-07-27 00:11 - 2017-02-05 19:41 - 00000000 ____D C:\Users\Owner\AppData\Local\SquirrelTemp
2017-07-27 00:11 - 2016-06-12 15:40 - 00000000 ____D C:\Users\Owner\.VirtualBox
2017-07-27 00:11 - 2016-06-12 15:13 - 00000000 ____D C:\Users\Owner\AppData\Local\Bluestacks
2017-07-27 00:11 - 2016-06-08 13:28 - 00000000 ____D C:\AMD
2017-07-27 00:11 - 2016-06-08 12:54 - 00000000 ____D C:\Users\Owner
2017-07-27 00:11 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\Msdtc
2017-07-26 23:11 - 2016-09-24 19:32 - 00000000 ___RD C:\Users\Owner\Downloads\PopcornTime
2017-07-26 21:57 - 2016-07-02 23:59 - 00000019 _____ C:\END
2017-07-26 21:50 - 2016-06-08 13:30 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-26 21:47 - 2016-09-01 03:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2017-07-25 20:07 - 2016-06-08 10:14 - 00000000 ____D C:\ProgramData\Oracle
2017-07-25 20:07 - 2016-06-08 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-25 20:07 - 2016-06-08 10:14 - 00000000 ____D C:\Program Files (x86)\Java
2017-07-25 20:06 - 2016-06-08 10:19 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-07-25 20:06 - 2016-06-08 10:18 - 00000000 ____D C:\Program Files\Java
2017-07-25 20:05 - 2016-06-08 10:14 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2017-07-22 18:02 - 2016-04-12 17:02 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-07-21 15:59 - 2016-10-11 13:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2017-07-21 15:56 - 2016-06-09 10:46 - 00000000 ____D C:\Program Files (x86)\Wise
2017-07-21 15:54 - 2016-12-18 19:10 - 00002904 _____ C:\windows\System32\Tasks\{32359A6E-A4B7-4B2C-AD54-4F9B1308A9FD}
2017-07-21 15:54 - 2016-12-18 19:07 - 00003036 _____ C:\windows\System32\Tasks\{4DF36FA8-4EF7-40E7-9609-CFBC9148B473}
2017-07-21 13:23 - 2016-06-08 13:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-20 20:55 - 2016-06-08 12:55 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2017-07-20 20:54 - 2016-04-12 17:02 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-07-20 20:54 - 2016-04-12 17:01 - 00000000 ____D C:\ProgramData\Adobe
2017-07-20 20:49 - 2016-04-12 17:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-07-16 12:48 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2017-07-12 18:27 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2017-07-11 23:31 - 2016-06-08 10:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-06-27 21:36 - 2016-11-09 16:29 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 17:04 - 2016-06-08 12:55 - 00000000 ____D C:\Users\Owner\AppData\Local\Google

==================== Files in the root of some directories =======

2016-07-12 15:21 - 2016-07-13 02:27 - 0000096 _____ () C:\Users\Owner\AppData\Roaming\LauncherSettings_live.cfg
2017-04-16 11:07 - 2017-04-16 11:07 - 0004608 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-26 22:44 - 2017-07-26 22:44 - 0011568 _____ () C:\Users\Owner\AppData\Local\InstallationConfiguration.xml
2017-07-26 22:44 - 2017-07-26 22:44 - 0140800 _____ () C:\Users\Owner\AppData\Local\installer.dat
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Owner\AppData\Local\report
2016-08-17 01:21 - 2017-03-31 20:46 - 0007600 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2017-07-26 23:21 - 2017-07-26 23:21 - 0046647 _____ () C:\ProgramData\agent.1501129300.bdinstall.bin
2017-07-27 09:45 - 2017-07-27 09:45 - 0046848 _____ () C:\ProgramData\agent.1501166741.bdinstall.bin
2017-07-27 10:37 - 2017-07-27 10:37 - 0030022 _____ () C:\ProgramData\agent.uninstall.1501169816.bdinstall.bin
2017-07-27 09:53 - 2017-07-27 09:53 - 0029967 _____ () C:\ProgramData\agent.update.1501167220.bdinstall.bin
2017-07-22 22:57 - 2017-07-22 22:57 - 0005094 _____ () C:\ProgramData\czchsjpj.srw
2017-07-22 22:57 - 2017-07-22 22:57 - 0000016 _____ () C:\ProgramData\mntemp
2017-01-25 02:32 - 2017-06-16 19:10 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
2017-07-23 00:25 - 2016-08-22 16:31 - 0204800 _____ () C:\ProgramData\WS_Log.dll

Files to move or delete:
====================
C:\ProgramData\WS_Log.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-27 13:40

==================== End of FRST.txt ============================
28 Jul 2017   #10
max kragen

Win7 x64
 
 

Sorry for the delay, this is it in its entirety. Thank you for pursuing this.