
Multiple symptoms including alphanumeric keys on keyboard not working


  • This topic is locked
90 replies to this topic

#1 SpecialKlady

  • Members
  • 54 posts

Posted 14 September 2015 - 02:42 PM

i only have onscreen keyboard so i will give basic info.

-win 7 home premium sp1 on hp pavilion.

-ie 11 and firefox 40.0.3 had ads popping up like crazy and every mouse click i made redirected me to new page of ads - common website address was "serve.bannersdontwork.com", "s.hkimm.com", and "buyoko.com".

-ran 4 malware removal programs to id and remove any malware/viruses (after researching on internet). they were 1) adwcleaner 2) JRT 3) mbam 4) HitmanPro. The removal programs discovered Trojan.DNSChanger, Rogue.Multiple, and Backdoor.Messa.Gen on system and quarantined them.

-ran ccleaner and norton utilities. all 6 programs eventually came back saying no malware found. i still have the log files.

-tried to reinstall keyboard (drivers, etc) without success.

-research led me to believe i was infected when i installed a zip/unzip program from NCH so i tried uninstalling it using removal instructions from internet. i needed to rename nch software in program files, rename all nch entries in registry, and, eventually manually delete them.

-now, alphanum keys don't work on logitech wireless kb/mouse combo (mouse works fine) and usb hp original kb - both work normally on another system. both work on my computer until the win logon screen and then stop. onscreen kb works fine. Logitech has been no help!

-now, Security Policies are locking me out

   - no access at all to q:/ drive (MS Office is on there)

   - when opening files i'm told i don't have permission - some files/programs tell me i'm not even owner!

   - in "Component Services", i drill down to "COM+ Applications" to look at them. as soon as i click on the main folder I get message "you do not have permission to perform the requested action. If security is enabled on the System Application of the target computer make sure you are included in the appropriate roles."

   - i have noticed a lot of files in 'roaming' folders that i haven't seen before (they show up on ccleaner).

Hope i've covered everything.

Please help!!!

 

 

 





#2 StanFF

  • Malware Response Team
  • 1,172 posts
  • Gender:Male

Posted 15 September 2015 - 01:15 PM

Hello SpecialKlady,
 

I'm Stan and I will be helping you with this problem.

First of all I want to clear up some things about the malware removal process:

  • Do not run any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
  • Carefully read the steps that I suggest you do. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same as the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps to an offline environment. They may be easier to read and follow in this way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please, do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

 

I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

 

********************

 

Thank you for the provided info that gives me quite a good overview of the current situation. First of all, I want to ask you a couple of questions:

  • Are those popups still present or have they been removed after you ran some of the tools mentioned?
  • Can you run programs in normal mode without any problems or are you experiencing difficulties when trying?
  • Can you access Safe Mode or Safe Mode with Networking? More information on how you can access those can be found here.

Please, follow step 6 from the Preparation Guide to generate logs from Farbar Recovery Scan Tool. If you are unable to do that in normal mode, please, try to follow the steps under Safe Mode, if accessible. When ready, please, post the content of the logs in your next reply.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#3 SpecialKlady

  • Topic Starter
  • Members
  • 54 posts

Posted 15 September 2015 - 08:47 PM

Hi Stan, thank you for your quick reply. I, too, work during the day; however, I do occasionally have a few hours between 10 and 2 MST. However, most of the time I will be responding in the evenings as well (usually between 6 and 12 MST). I have acquired my son's laptop so I have a keyboard for now (obviously not on the same system). I will answer your questions now and post the reports shortly.

The popups had disappeared; however, when I went on the computer today with IE to access this website, I was redirected and then could not get out of it without closing IE, which I did. I then went on Firefox and was not redirected and did not experience popups. The redirection on IE was the first one I've had since I ran all those tools.

Running programs in normal mode is not a problem; however, sometimes it takes two tries to open them from my desktop. My Start Menu items seem to open okay. My quick links in my System Tray and on the Task Bar seem to open fine. Also, in IE and Firefox both, if I minimize a window, to recall it, I have to click on it twice. Also, when the windows are minimized to the task bar, I cannot hover on them and click on the X to close them.

Yes, I seem to have access to Safe Mode and Safe Mode with Networking. The Function keys (or at least most of them) and the alphanumeric keys seem to work on both keyboards until Windows enters the Logon screen, at which point I lose the ability to use the alphanumeric keys. I will now go to my computer and post those reports for you.



#4 SpecialKlady

  • Topic Starter
  • Members
  • 54 posts

Posted 15 September 2015 - 08:54 PM

Here are the reports from Farbar Recovery Scan Tool:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by owner (administrator) on KAREN (15-09-2015 18:45:14)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner & Todd)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFInst.exe
(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFSched.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(GFI Software Ltd.) C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Dropbox, Inc.) C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() Q:\140066.enu\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-21] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-471647914-2874807093-1816397679-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\hp\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-471647914-2874807093-1816397679-1000\...\Run: [Dropbox Update] => C:\Users\owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-471647914-2874807093-1816397679-1000\...\Run: [GFI BackUp Freeware] => C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe [2318704 2012-01-12] (GFI Software Ltd.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-06-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyUsers\S-1-5-21-471647914-2874807093-1816397679-1001\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E4D1C3A2-61D2-44D2-86B8-0ECD9A2588BC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-471647914-2874807093-1816397679-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bing.com/
HKU\S-1-5-21-471647914-2874807093-1816397679-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-471647914-2874807093-1816397679-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/
HKU\S-1-5-21-471647914-2874807093-1816397679-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.refdesk.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {5BD88F41-359A-492A-91AE-B35F3F4BE0C6} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-471647914-2874807093-1816397679-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.ca/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-471647914-2874807093-1816397679-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.ca/search?q={searchTerms}
BHO: HQuality-v3V30.09 -> {11111111-1111-1111-1111-110611171162} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-13] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-471647914-2874807093-1816397679-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
Toolbar: HKU\S-1-5-21-471647914-2874807093-1816397679-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5}
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\sk14gzx0.default
FF NewTab: www.refdesk.com
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.refdesk.com/
FF NetworkProxy: "no_proxies_on", ""
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\owner\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-471647914-2874807093-1816397679-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\owner\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-13] (Apple Inc.)
FF Extension: Garmin Communicator - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\sk14gzx0.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-30]
FF Extension: Bitdefender QuickScan - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\sk14gzx0.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-28]
FF Extension: NoSquint - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\sk14gzx0.default\Extensions\nosquint@urandom.ca.xpi [2013-07-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-08-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-08-24]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-08-23]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\sk14gzx0.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-471647914-2874807093-1816397679-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ppjemjejnnojomfekgbpbbnecicblllf] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)
R2 GFIBckFAtt; C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFInst.exe [1011056 2012-01-12] (GFI Software Ltd.)
R2 GFIBckFSched; C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIFSched.exe [2664816 2012-01-12] (GFI Software Ltd.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Users\owner\AppData\Local\Temp\7zS1D18\hpslpsvc64.dll [1039360 2012-08-27] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S5 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-07] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 vdbus; system32\DRIVERS\vdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 18:45 - 2015-09-15 18:45 - 00022582 _____ C:\Users\owner\Desktop\FRST.txt
2015-09-15 18:44 - 2015-09-15 18:45 - 00000000 ____D C:\FRST
2015-09-15 18:43 - 2015-09-15 18:44 - 02191360 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2015-09-13 18:07 - 2015-09-14 11:52 - 00000000 ____D C:\Users\owner\Desktop\SecTaskManold
2015-09-13 17:31 - 2015-09-13 17:31 - 02816040 _____ C:\Users\owner\Downloads\SecurityTaskManager_Setup.exe
2015-09-13 17:31 - 2015-09-13 17:31 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-09-13 17:31 - 2015-09-13 17:31 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-09-13 17:31 - 2015-09-13 17:31 - 00001112 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2015-09-13 17:31 - 2015-09-13 17:31 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2015-09-13 16:12 - 2015-09-13 16:12 - 00044823 _____ C:\Users\owner\Desktop\sfcdetails.txt
2015-09-13 01:00 - 2015-09-13 01:00 - 00000000 _____ C:\Windows\setuperr.log
2015-09-13 01:00 - 2015-09-13 01:00 - 00000000 _____ C:\Windows\setupact.log
2015-09-12 18:48 - 2015-09-12 18:48 - 00000706 _____ C:\Users\owner\Documents\cc_20150912_184843.reg
2015-09-12 18:45 - 2015-09-12 18:45 - 00000246 _____ C:\Users\owner\Documents\cc_20150912_184530.reg
2015-09-12 18:44 - 2015-09-12 18:44 - 00003450 _____ C:\Users\owner\Documents\cc_20150912_184400.reg
2015-09-09 11:22 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-09-09 10:48 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-09-09 10:48 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-09-09 10:48 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-09-09 10:48 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-09-09 10:48 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-09-09 10:48 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-09-09 10:48 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-09-09 10:48 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-09 10:48 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-09-09 10:48 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-09-09 10:48 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-09-09 10:48 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-09-09 10:48 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-09-09 10:48 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-09 10:48 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-09-09 10:48 - 2013-10-01 14:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-09 10:48 - 2013-10-01 14:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-09 10:42 - 2015-09-09 10:42 - 00985600 _____ C:\Users\owner\Desktop\MicrosoftFixit50123.msi
2015-09-09 06:37 - 2015-07-14 21:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 06:37 - 2015-07-14 20:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 06:36 - 2015-08-05 11:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 06:36 - 2015-08-05 11:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 06:36 - 2015-08-05 11:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 06:36 - 2015-07-22 18:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 06:36 - 2015-07-22 18:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 06:36 - 2015-07-22 18:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 06:36 - 2015-07-22 18:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 06:36 - 2015-07-22 18:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-09 06:36 - 2015-07-22 18:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-09 06:36 - 2015-07-22 18:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-09 06:36 - 2015-07-22 18:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 06:36 - 2015-07-22 18:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 06:36 - 2015-07-22 18:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 06:36 - 2015-07-22 18:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-09 06:36 - 2015-07-22 18:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-09 06:36 - 2015-07-22 18:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 06:36 - 2015-07-22 18:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 06:36 - 2015-07-22 17:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 06:36 - 2015-07-22 17:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 17:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 06:36 - 2015-07-22 11:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-09 06:36 - 2015-07-22 11:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-09 06:36 - 2015-07-22 11:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-09 06:36 - 2015-07-22 11:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-09 06:36 - 2015-07-22 11:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-09 06:36 - 2015-07-22 11:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-09 06:36 - 2015-07-22 11:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-09 06:36 - 2015-07-22 11:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-09 06:36 - 2015-07-22 11:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-09 06:36 - 2015-07-22 11:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-09 06:36 - 2015-07-22 11:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-09 06:36 - 2015-07-22 11:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-09 06:36 - 2015-07-22 11:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 11:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 10:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 06:36 - 2015-07-22 10:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 06:36 - 2015-07-22 10:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 06:36 - 2015-07-22 10:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 06:36 - 2015-07-22 10:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-09 06:36 - 2015-07-22 10:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-09 06:36 - 2015-07-22 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 06:36 - 2015-07-22 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 06:36 - 2015-07-09 11:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 06:36 - 2015-07-09 11:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 06:36 - 2015-07-09 11:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-09 06:36 - 2015-07-09 11:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-09 06:35 - 2015-08-27 12:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 06:35 - 2015-08-27 12:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 06:35 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 06:35 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 06:35 - 2015-08-27 11:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 06:35 - 2015-08-27 11:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 06:35 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-09 06:35 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-09 06:35 - 2015-08-17 19:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 06:35 - 2015-08-17 19:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 06:35 - 2015-08-15 00:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 06:35 - 2015-08-15 00:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 06:35 - 2015-08-15 00:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 06:35 - 2015-08-15 00:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 06:35 - 2015-08-15 00:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 06:35 - 2015-08-15 00:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 06:35 - 2015-08-15 00:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 06:35 - 2015-08-15 00:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 06:35 - 2015-08-15 00:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 06:35 - 2015-08-15 00:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 06:35 - 2015-08-15 00:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 06:35 - 2015-08-15 00:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 06:35 - 2015-08-15 00:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 06:35 - 2015-08-15 00:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 06:35 - 2015-08-15 00:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 06:35 - 2015-08-15 00:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 06:35 - 2015-08-15 00:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 06:35 - 2015-08-15 00:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 06:35 - 2015-08-14 23:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 06:35 - 2015-08-14 23:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 06:35 - 2015-08-14 23:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 06:35 - 2015-08-14 23:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 06:35 - 2015-08-14 23:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 06:35 - 2015-08-14 23:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 06:35 - 2015-08-14 23:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 06:35 - 2015-08-14 23:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 06:35 - 2015-08-14 23:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 06:35 - 2015-08-14 23:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 06:35 - 2015-08-14 23:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 06:35 - 2015-08-14 23:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 06:35 - 2015-08-14 23:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 06:35 - 2015-08-14 23:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 06:35 - 2015-08-14 23:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 06:35 - 2015-08-14 23:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 06:35 - 2015-08-14 23:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 06:35 - 2015-08-14 23:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 06:35 - 2015-08-14 23:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 06:35 - 2015-08-14 23:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 06:35 - 2015-08-14 23:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 06:35 - 2015-08-14 23:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 06:35 - 2015-08-14 23:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 06:35 - 2015-08-14 23:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 06:35 - 2015-08-14 23:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 06:35 - 2015-08-14 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 06:35 - 2015-08-14 23:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 06:35 - 2015-08-14 23:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 06:35 - 2015-08-14 23:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 06:35 - 2015-08-14 23:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 06:35 - 2015-08-14 23:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 06:35 - 2015-08-14 23:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 06:35 - 2015-08-14 23:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 06:35 - 2015-08-14 23:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 06:35 - 2015-08-14 23:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 06:35 - 2015-08-14 22:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 06:35 - 2015-08-14 22:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 06:35 - 2015-08-14 22:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 06:35 - 2015-08-14 22:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 06:35 - 2015-08-14 22:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 06:35 - 2015-06-25 04:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 06:35 - 2015-06-25 04:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 06:35 - 2015-06-25 04:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 06:35 - 2015-06-25 03:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 06:26 - 2015-09-01 21:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 06:26 - 2015-09-01 21:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 06:26 - 2015-09-01 21:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 06:26 - 2015-09-01 21:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 06:26 - 2015-09-01 20:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 06:26 - 2015-09-01 20:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 06:26 - 2015-09-01 20:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-09 06:26 - 2015-09-01 20:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 06:26 - 2015-09-01 19:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 06:26 - 2015-09-01 19:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 06:26 - 2015-09-01 19:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 06:26 - 2015-08-04 12:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 06:26 - 2015-08-04 12:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 06:26 - 2015-08-04 11:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 06:26 - 2015-08-04 11:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 06:26 - 2015-08-04 11:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 06:26 - 2015-08-04 11:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 06:26 - 2015-08-04 11:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 06:26 - 2015-08-04 11:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 06:26 - 2015-08-04 10:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 06:25 - 2015-08-26 12:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 06:25 - 2015-08-26 12:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 06:25 - 2015-08-26 12:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 06:25 - 2015-08-26 12:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 06:25 - 2015-08-26 12:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 06:25 - 2015-08-26 12:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 06:25 - 2015-08-26 12:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 06:25 - 2015-08-26 12:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 06:25 - 2015-08-26 12:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 06:25 - 2015-08-26 12:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 06:25 - 2015-08-26 12:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 06:25 - 2015-08-26 11:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 06:25 - 2015-08-26 11:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 06:25 - 2015-08-26 11:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 06:25 - 2015-08-26 11:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 06:25 - 2015-08-26 11:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 06:16 - 2015-09-09 06:17 - 00005954 _____ C:\Users\owner\Documents\cc_20150909_061632.reg
2015-09-07 16:24 - 2015-09-07 16:24 - 00001278 _____ C:\Users\owner\Desktop\MyBackup 1.lnk
2015-09-07 15:04 - 2015-09-07 15:04 - 00001060 _____ C:\Users\owner\Desktop\GFI BackUp Freeware.lnk
2015-09-07 15:04 - 2015-09-07 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI BackUp Freeware
2015-09-07 15:04 - 2015-09-07 15:04 - 00000000 ____D C:\Program Files (x86)\GFI
2015-09-07 14:55 - 2015-09-07 15:04 - 00000000 ____D C:\Windows\GFIBckFUnwise
2015-09-07 14:53 - 2015-09-07 15:04 - 12839792 _____ C:\Users\owner\Downloads\gfibackup2011 (1).exe
2015-09-07 14:37 - 2015-09-07 14:39 - 00003738 _____ C:\Users\owner\Documents\Comodo Backup.log
2015-09-07 12:00 - 2015-09-07 12:00 - 00000000 ___HD C:\$Windows.~BT
2015-09-07 01:58 - 2015-09-08 14:14 - 00001908 _____ C:\Windows\diagwrn.xml
2015-09-07 01:58 - 2015-09-08 14:14 - 00001908 _____ C:\Windows\diagerr.xml
2015-09-07 01:38 - 2015-09-07 01:39 - 01110992 _____ (Symantec Corporation) C:\Users\owner\Desktop\NBRT-Retail-Downloader.exe
2015-09-07 01:34 - 2015-09-07 01:34 - 03088296 _____ (Symantec Corporation) C:\Users\owner\Desktop\NPE.exe
2015-09-07 01:16 - 2015-09-07 01:16 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Logishrd
2015-09-07 01:16 - 2015-09-07 01:16 - 00000000 ____D C:\Users\Todd\AppData\Local\GWX
2015-09-07 01:15 - 2015-09-07 01:15 - 00000000 ____D C:\Users\Todd\AppData\Roaming\Logitech
2015-09-07 00:14 - 2015-09-07 00:14 - 322387216 _____ C:\Users\owner\Desktop\regbackup2.reg
2015-09-06 23:46 - 2015-09-06 23:46 - 322231006 _____ C:\Users\owner\Desktop\regbackup1.reg
2015-09-06 21:56 - 2015-09-06 21:56 - 00000000 ___RD C:\Users\owner\Documents\RocketLifeNetwork
2015-09-06 21:55 - 2015-09-15 17:52 - 00000402 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-09-06 21:55 - 2015-09-06 21:55 - 00003406 _____ C:\Windows\System32\Tasks\HP Photo Creations Communicator
2015-09-06 19:49 - 2015-09-08 12:19 - 00000420 _____ C:\Users\owner\AppData\Roaming\mainhst.zgh
2015-09-06 19:46 - 2015-09-06 20:16 - 00000000 ____D C:\Users\owner\AppData\Roaming\ZipGenius
2015-09-06 19:43 - 2015-09-06 19:43 - 00001126 _____ C:\Users\Public\Desktop\ZipGenius 6.lnk
2015-09-06 19:43 - 2015-09-06 19:43 - 00000988 _____ C:\Users\Public\Desktop\CZIP 2 Opener.lnk
2015-09-06 19:43 - 2015-09-06 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZipGenius 6
2015-09-06 19:43 - 2015-09-06 19:43 - 00000000 ____D C:\Program Files (x86)\ZipGenius 6
2015-09-06 19:37 - 2015-09-06 19:38 - 08997379 _____ (The ZipGenius Team ) C:\Users\owner\Downloads\zg63std.exe
2015-09-06 19:33 - 2015-09-06 19:33 - 01334336 _____ (Igor Pavlov) C:\Users\owner\Downloads\7z1506-x64.exe
2015-09-06 19:33 - 2015-09-06 19:33 - 00000000 ____D C:\Program Files\7-Zip
2015-09-06 19:24 - 2015-09-06 19:24 - 00109091 _____ C:\Users\owner\Downloads\usbdeview-x64.zip
2015-09-06 10:40 - 2015-09-06 10:40 - 00006318 _____ C:\Users\owner\Documents\cc_20150906_104032.reg
2015-09-06 10:40 - 2015-09-06 10:40 - 00000414 _____ C:\Users\owner\Documents\cc_20150906_104053.reg
2015-09-06 09:11 - 2015-09-15 18:00 - 00000468 _____ C:\Windows\Tasks\ParetoLogic Registration3.job
2015-09-06 09:11 - 2015-09-13 03:23 - 00000442 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job
2015-09-06 09:11 - 2015-09-12 18:41 - 00000494 _____ C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-09-06 09:11 - 2015-09-12 18:15 - 00000000 ____D C:\ProgramData\ParetoLogic
2015-09-06 09:11 - 2015-09-06 09:11 - 00003252 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3
2015-09-06 09:11 - 2015-09-06 09:11 - 00003132 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3
2015-09-06 09:11 - 2015-09-06 09:11 - 00002920 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-09-06 09:11 - 2015-09-06 09:11 - 00000000 ____D C:\Users\owner\AppData\Roaming\ParetoLogic
2015-09-06 09:11 - 2015-09-06 09:11 - 00000000 ____D C:\Users\owner\AppData\Roaming\DriverCure
2015-09-06 08:49 - 2015-09-06 08:49 - 00000000 ____D C:\Users\owner\Desktop\Wavepad
2015-09-05 20:55 - 2015-09-05 20:55 - 439575346 _____ C:\Users\owner\Desktop\regbackup.reg
2015-09-01 17:42 - 2015-09-01 17:42 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-30 04:09 - 2015-08-30 04:09 - 00053788 _____ C:\Users\owner\Documents\cc_20150830_040953.reg
2015-08-30 03:57 - 2015-08-30 03:57 - 00000905 _____ C:\Users\owner\Desktop\REGISTRY VALUES.txt
2015-08-29 19:12 - 2015-08-29 19:12 - 00002537 _____ C:\Users\owner\Desktop\uninstall NCH.txt
2015-08-29 16:51 - 2015-08-29 16:51 - 00001160 _____ C:\Users\owner\Desktop\uninstall sdk.txt
2015-08-29 16:38 - 2015-08-29 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
2015-08-29 16:38 - 2015-08-29 16:38 - 00000000 ____D C:\Program Files\Microsoft SDKs
2015-08-29 16:37 - 2015-08-29 16:37 - 00509264 _____ (Microsoft Corporation) C:\Users\owner\Desktop\winsdk_web.exe
2015-08-29 10:28 - 2015-08-29 10:28 - 00000000 ____D C:\temp
2015-08-28 00:43 - 2015-08-28 01:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-27 19:38 - 2015-08-27 19:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_vdbus_01009.Wdf
2015-08-27 19:38 - 2014-10-07 05:14 - 03550400 _____ (COMODO Security Solutions) C:\Windows\system32\Drivers\COSService.exe
2015-08-27 19:38 - 2014-10-07 05:14 - 02575552 _____ (COMODO Security Solutions) C:\Windows\system32\Drivers\SynchronizationService.exe
2015-08-27 19:37 - 2015-09-08 23:28 - 00000000 ____D C:\Program Files\COMODO
2015-08-27 13:46 - 2015-08-27 18:42 - 22435552 _____ (COMODO) C:\Users\owner\Downloads\CB_setup.exe
2015-08-27 13:46 - 2015-08-27 13:46 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-08-27 13:42 - 2015-08-27 13:42 - 38261768 _____ (AOMEI Technology Co., Ltd. ) C:\Users\owner\Downloads\Backupper.exe
2015-08-26 12:37 - 2015-08-26 12:37 - 00000746 _____ C:\Users\owner\Documents\cc_20150826_123659.reg
2015-08-25 13:02 - 2015-08-25 13:02 - 00001315 _____ C:\Users\Public\Desktop\Freemake Audio Converter.lnk
2015-08-24 23:51 - 2015-09-14 05:29 - 01081683 _____ C:\Windows\WindowsUpdate.log
2015-08-24 23:43 - 2015-08-24 23:43 - 00000170 _____ C:\Users\owner\Documents\cc_20150824_234326.reg
2015-08-24 17:56 - 2015-08-24 17:56 - 00022256 _____ C:\Users\owner\Documents\cc_20150824_175616.reg
2015-08-24 17:56 - 2015-08-24 17:56 - 00000804 _____ C:\Users\owner\Documents\cc_20150824_175639.reg
2015-08-24 17:37 - 2015-08-24 17:37 - 00008354 _____ C:\Windows\system32\.crusader
2015-08-24 13:37 - 2015-08-24 13:37 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-24 13:33 - 2015-09-07 01:54 - 11352032 _____ (SurfRight B.V.) C:\Users\owner\Desktop\HitmanPro_x64.exe
2015-08-24 13:32 - 2015-08-24 17:40 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-24 12:52 - 2015-08-24 12:52 - 00019282 _____ C:\Users\owner\Desktop\mbam scan findings.txt
2015-08-24 12:17 - 2015-08-24 12:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\owner\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-24 12:03 - 2015-08-24 12:03 - 01798576 _____ (Malwarebytes Corporation) C:\Users\owner\Desktop\JRT.exe
2015-08-24 10:50 - 2015-09-07 01:46 - 00000000 ____D C:\AdwCleaner
2015-08-24 10:47 - 2015-08-24 11:44 - 01605632 _____ C:\Users\owner\Desktop\adwcleaner_5.003.exe
2015-08-23 23:37 - 2015-08-23 23:37 - 00001706 _____ C:\Users\owner\Documents\cc_20150823_233716.reg
2015-08-23 12:48 - 2015-09-06 20:16 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-08-23 12:48 - 2015-08-23 12:48 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2015-08-23 12:38 - 2015-08-25 13:04 - 00000000 ____D C:\Program Files\Logitech
2015-08-23 11:53 - 2015-08-25 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-23 11:42 - 2015-09-06 21:29 - 00000000 ____D C:\ProgramData\LogiShrd
2015-08-23 11:42 - 2015-08-25 13:04 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2015-08-23 11:41 - 2015-08-23 11:42 - 04147600 _____ ($Co_Name Inc.) C:\Users\owner\Desktop\unifying250.exe
2015-08-23 11:33 - 2015-08-23 12:48 - 00000000 ____D C:\Users\owner\AppData\Roaming\Logitech
2015-08-23 11:33 - 2015-08-23 12:39 - 00000000 ____D C:\Users\owner\AppData\Roaming\Logishrd
2015-08-23 04:32 - 2015-08-23 04:32 - 00014256 _____ C:\Users\owner\Documents\cc_20150823_043227.reg
2015-08-23 04:32 - 2015-08-23 04:32 - 00008034 _____ C:\Users\owner\Documents\cc_20150823_043244.reg
2015-08-23 04:17 - 2015-08-23 04:17 - 00003012 _____ C:\Windows\System32\Tasks\{24BB2D65-6D3C-468F-888C-7B16728790CF}
2015-08-23 03:04 - 2015-08-23 03:04 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-08-22 20:28 - 2015-08-23 02:45 - 00002116 _____ C:\aaw7boot.log
2015-08-22 20:07 - 2015-08-22 20:07 - 00095024 _____ (Sunbelt Software) C:\Windows\system32\Drivers\SBREDrv.sys
2015-08-22 19:56 - 2015-08-22 19:56 - 00000170 _____ C:\Users\owner\Documents\cc_20150822_195558.reg
2015-08-19 23:53 - 2015-08-19 23:54 - 01308672 _____ C:\Users\owner\Downloads\zoek.exe
2015-08-19 13:51 - 2015-08-19 13:51 - 04833280 _____ C:\Users\owner\s-1-5-21-471647914-2874807093-1816397679-1000.rrr
2015-08-19 13:51 - 2015-08-19 13:51 - 02256896 _____ C:\Users\Todd\s-1-5-21-471647914-2874807093-1816397679-1001.rrr
2015-08-19 13:51 - 2015-08-19 13:51 - 00929792 _____ C:\Windows\system32\config\default.rrr
2015-08-19 13:49 - 2015-08-19 13:51 - 85307392 _____ C:\Windows\system32\config\software.rrr
2015-08-19 10:16 - 2015-08-19 10:16 - 00000170 _____ C:\Users\owner\Documents\cc_20150819_101604.reg
2015-08-19 01:02 - 2015-08-19 01:02 - 00000170 _____ C:\Users\owner\Documents\cc_20150819_010238.reg
2015-08-16 03:26 - 2015-08-16 03:27 - 00000170 _____ C:\Users\owner\Documents\cc_20150816_032657.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-15 18:26 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-15 18:26 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-15 17:57 - 2015-06-21 13:54 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-471647914-2874807093-1816397679-1000UA.job
2015-09-14 19:57 - 2015-06-21 13:54 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-471647914-2874807093-1816397679-1000Core.job
2015-09-14 11:24 - 2013-11-16 17:35 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForowner
2015-09-14 11:24 - 2013-11-16 17:35 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForowner.job
2015-09-13 21:02 - 2012-01-15 14:10 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2015-09-13 20:32 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-09-13 03:33 - 2012-12-27 00:48 - 00000000 ____D C:\Windows\pss
2015-09-12 18:59 - 2013-01-22 13:20 - 00000000 ____D C:\Users\owner\AppData\Roaming\Norton Utilities 16
2015-09-12 18:59 - 2011-11-07 18:26 - 00000000 ____D C:\ProgramData\Temp
2015-09-12 18:42 - 2013-06-11 13:15 - 00000000 ___RD C:\Users\owner\Dropbox
2015-09-12 18:42 - 2013-06-11 13:02 - 00000000 ____D C:\Users\owner\AppData\Roaming\Dropbox
2015-09-12 18:41 - 2013-02-09 21:08 - 00000288 _____ C:\Windows\Tasks\NUAutoUpdate.job
2015-09-12 18:38 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-09 13:43 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 10:52 - 2009-07-13 21:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-09 10:38 - 2009-07-13 23:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-09 10:31 - 2009-07-13 22:45 - 00397136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 10:29 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 10:27 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-09 06:28 - 2011-11-07 18:36 - 00000000 ____D C:\ProgramData\Norton
2015-09-08 18:24 - 2011-12-30 01:37 - 00000000 ____D C:\Users\owner\AppData\Roaming\SoftGrid Client
2015-09-07 12:00 - 2011-02-11 11:00 - 00000000 ____D C:\Windows\Panther
2015-09-07 01:35 - 2012-12-27 03:16 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
2015-09-07 01:15 - 2012-09-18 14:02 - 00000856 __RSH C:\Users\Todd\ntuser.pol
2015-09-07 01:15 - 2011-12-31 11:28 - 00000000 ____D C:\Users\Todd
2015-09-07 01:12 - 2011-11-07 18:36 - 00000000 ____D C:\Program Files\Symantec
2015-09-06 21:56 - 2015-06-06 15:20 - 00000000 ____D C:\Users\owner\AppData\Roaming\HP Photo Creations
2015-09-06 21:56 - 2013-12-07 16:09 - 00000000 ___RD C:\Users\owner\Documents\HP Photo Creations
2015-09-06 21:55 - 2015-06-06 15:20 - 00002111 _____ C:\Users\owner\Desktop\HP Photo Creations.lnk
2015-09-06 19:27 - 2015-08-04 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2015-09-06 16:59 - 2013-08-24 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-09-06 16:59 - 2011-12-17 11:35 - 00000000 ____D C:\Users\owner\Desktop\Desktop Items
2015-09-06 16:58 - 2013-03-16 20:19 - 00000000 ____D C:\Users\owner\Desktop\HP
2015-09-06 11:18 - 2013-03-16 15:53 - 00000000 ____D C:\Users\owner\AppData\Roaming\gsak
2015-09-06 11:05 - 2013-03-15 13:11 - 00245760 ___SH C:\Users\owner\Downloads\Thumbs.db
2015-09-06 10:57 - 2013-03-15 12:45 - 00000000 ____D C:\Users\owner\Documents\First Student
2015-09-06 10:52 - 2014-05-04 19:01 - 00000000 ____D C:\Program Files (x86)\BHOK IT Consulting
2015-09-06 10:51 - 2015-04-26 22:03 - 00000000 ____D C:\Program Files (x86)\OLYMPUS
2015-08-29 16:38 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-29 15:28 - 2012-04-27 12:29 - 00007624 _____ C:\Users\owner\AppData\Local\resmon.resmoncfg
2015-08-29 10:28 - 2012-05-03 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-27 22:32 - 2011-12-16 17:52 - 00000000 ____D C:\Users\owner
2015-08-27 18:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-26 18:37 - 2011-12-16 18:33 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-25 13:03 - 2012-06-10 16:53 - 00000000 ____D C:\ProgramData\Freemake
2015-08-24 12:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2015-08-24 12:52 - 2015-08-13 03:05 - 00001118 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-24 12:52 - 2014-09-03 00:47 - 00001125 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-24 12:52 - 2012-03-27 18:16 - 00000000 ____D C:\ProgramData\InstallMate
2015-08-24 12:52 - 2011-12-29 18:47 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-24 12:52 - 2011-12-16 17:56 - 00001418 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-24 12:25 - 2012-10-27 18:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-24 11:46 - 2009-07-13 23:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-24 11:25 - 2014-09-03 00:03 - 00001050 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-08-23 12:09 - 2012-07-12 13:31 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-23 04:27 - 2012-07-12 13:31 - 00000000 ____D C:\Users\owner\AppData\Local\Google
2015-08-22 16:56 - 2012-10-18 10:41 - 00003212 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKAREN$
2015-08-22 16:56 - 2012-10-18 10:41 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForKAREN$.job
2015-08-19 14:06 - 2013-11-25 12:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-19 13:51 - 2013-12-09 22:47 - 00008192 _____ C:\Users\fbwuser\s-1-5-21-471647914-2874807093-1816397679-1005.rrr
2015-08-19 09:40 - 2013-11-25 12:37 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-19 09:40 - 2012-03-31 15:39 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-19 09:40 - 2011-11-07 18:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2011-11-07 18:37 - 2011-06-09 17:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2015-09-06 19:49 - 2015-09-08 12:19 - 0000420 _____ () C:\Users\owner\AppData\Roaming\mainhst.zgh
2014-08-13 18:43 - 2014-08-13 18:43 - 0000042 _____ () C:\Users\owner\AppData\Roaming\WB.CFG
2012-07-26 15:03 - 2014-12-22 01:44 - 0018432 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-27 12:29 - 2015-08-29 15:28 - 0007624 _____ () C:\Users\owner\AppData\Local\resmon.resmoncfg
2013-11-23 15:55 - 2013-11-23 15:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-16 11:51 - 2014-05-02 10:20 - 0005477 _____ () C:\ProgramData\hpzinstall.log

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-471647914-2874807093-1816397679-1001\$f35be82a022b833ab74c5768c861f51f

Files to move or delete:
====================
C:\Users\owner\jagex_runescape_preferences.dat
C:\Users\owner\jagex_runescape_preferences2.dat
C:\Users\owner\jagex__preferences3.dat
C:\Users\Todd\cc_20130909_211044.reg
C:\Users\Todd\cc_20131005_030321.reg


Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfibo5r.dll
C:\Users\Todd\AppData\Local\Temp\InstallFlashPlayer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-11 00:20

==================== End of FRST.txt ============================

Attached Files
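The FRST listing above uses one fixed line layout: created time, modified time, size, attribute flags, an optional company name in parentheses, and the path. As an added example (not part of the original post and not FRST's own code), this Python parser reads that layout and lists entries created inside a date window that match two review rules. The rules, the window and the function names are assumptions chosen for illustration, and a hit is a lead to inspect, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Layout: created - modified - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?(.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")
# A path directly inside a profile's AppData\Roaming, AppData\Local or ProgramData
LOOSE_ROOT_RE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\(roaming|local)|programdata)\\[^\\]+$",
    re.IGNORECASE,
)

# Lines copied from the listing above, except the last one, which is
# constructed so that the second rule has something to match.
SAMPLE = r"""
2015-09-06 19:49 - 2015-09-08 12:19 - 00000420 _____ C:\Users\owner\AppData\Roaming\mainhst.zgh
2015-09-06 19:46 - 2015-09-06 20:16 - 00000000 ____D C:\Users\owner\AppData\Roaming\ZipGenius
2015-09-06 19:43 - 2015-09-06 19:43 - 00000000 ____D C:\Program Files (x86)\ZipGenius 6
2015-09-06 19:37 - 2015-09-06 19:38 - 08997379 _____ (The ZipGenius Team ) C:\Users\owner\Downloads\zg63std.exe
2015-08-22 20:07 - 2015-08-22 20:07 - 00095024 _____ (Sunbelt Software) C:\Windows\system32\Drivers\SBREDrv.sys
==================== One Month Modified files and folders ========
2013-11-23 15:55 - 2013-11-23 15:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-20 10:00 - 2015-08-20 10:00 - 00012288 _____ C:\Windows\system32\Drivers\constructed_example.sys
"""


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file/folder line, None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, company, path = m.groups()
    company = (company or "").strip() or None  # "()" and absent both mean none
    return Entry(datetime.strptime(created, TS_FORMAT),
                 datetime.strptime(modified, TS_FORMAT),
                 int(size), attrs, company, path)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]


def review_reasons(e: Entry) -> List[str]:
    """Assumed triage rules: a hit means 'look at this file', nothing more."""
    reasons = []
    lower = e.path.lower()
    if not e.is_dir and LOOSE_ROOT_RE.match(e.path):
        reasons.append("loose file in AppData/ProgramData root")
    if (not e.is_dir and lower.startswith("c:\\windows\\")
            and lower.endswith(BINARY_EXT) and e.company is None):
        reasons.append("binary under Windows with no company string")
    return reasons


def triage(text: str, start: datetime,
           end: datetime) -> List[Tuple[str, List[str]]]:
    """Entries created within [start, end] that match at least one rule."""
    hits = []
    for e in parse_log(text):
        if start <= e.created <= end:
            reasons = review_reasons(e)
            if reasons:
                hits.append((e.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE, datetime(2015, 8, 16),
                                datetime(2015, 9, 16)):
        print(path, "->", "; ".join(reasons))
```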



#5 StanFF

  • Malware Response Team

Posted 16 September 2015 - 12:28 AM

Hello SpecialKlady,

 

Thank you for the provided logs. I will inspect them later today and I will be back with further instructions as fast as possible.


Regards,

Stan

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

#6 StanFF

  • Malware Response Team

Posted 20 September 2015 - 01:57 AM

Hello SpecialKlady and sorry for the delay.
 
After reviewing your logs, I can see a couple of things that need to be addressed in terms of malware. It looks like you have been dealing with the ZeroAccess infection and this is what has caused the overload of ads on your system. It looks like the tools you ran earlier have altered parts of the malware. Since we are talking about a botnet right now, I will advise you to use the system as little as you can and keep it disconnected from the Internet, unless you need to download fixes and tools to be run on it. This will help us block possible reinfection during the removal process.

The infection may have been identified, but because of its structure and functionality it is very likely that the system has been compromised. This means that we cannot be sure in any way that the PC is completely secure. Many experts say that every system that has been a victim of a Trojan Backdoor attack must be reformatted and the operating system must be reinstalled. This means that you have to back up every bit of information that you need. I will help you with the malware removal process but again, I cannot guarantee that the system will be 100% secure.
 
You need to change all of your passwords that you use since they can be compromised by the attacker. The password change process must be done from another system. Please, refer here. The affected accounts must not be accessed from this machine until the end of the malware removal process.
 
********************
 
Going over your logs I noticed that you have FrostWire installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
  • It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall FrostWire, however that choice is up to you. If you choose to remove that program, you can do so via the Programs and Features applet in Control Panel.
 
********************
 
First, I want to see what the previously used tools had removed. To achieve that, please, attach the log files from AdwCleaner, JRT, MBAM and HitmanPro. You can find them in the following destinations:

  • The log of AdwCleaner is located in C:\AdwCleaner folder and should be named AdwCleaner[C#].txt, where the "#" for the most recent log should be the largest number.
  • The log from Junkware Removal Tool should be located on your Desktop under the name JRT.txt
  • If you have not manually saved the log from HitmanPro, you can find it in the C:\ProgramData\HitmanPro\Logs folder.
  • To retrieve the log from MBAM:
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Export and save the log as a .txt file on your Desktop or another location.

Note: Since we are looking for logs that include information about removed objects, you may need to include the ones generated before the last scans were run, which, as you said, came out clear.
 
********************
 
Note: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached fixlist.txt file and save it to the same location as FRST -

Note: It's important that both files, FRST.exe and fixlist.txt are in the same location or the fix will not work. In your case, this should be the Desktop.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.
 
********************
 
Please, download TDSSKiller and save the file on your Desktop.
 
Note: Be sure to save the file first and then execute it. Otherwise, if executed from temporary directory, problems may occur.

  • Right-click on the tool's icon and choose Run as Administrator.

Note: If for some reason the tool cannot run, please, try renaming it to a randomly generated name.

  • Push the Start Scan button. Do not use the computer during the scan process.
  • If the scan completes with nothing found, choose Close to exit.
  • If there are malicious objects found, they will show in Scan results -> Select action for found objects.
  • Three options will be available for you. Please, ensure that Skip option is selected.
  • Choose Continue -> Reboot now to finish the cleaning process by the tool.

Important note: If the Cure option is not available, choose Skip instead. Do not choose Delete unless instructed to do so.

  • A log file, named as follows - TDSSKiller_Version_Date_Time_Log.txt - will be created in the root directory (C:\)

Please, post the content of the log file in your next post.
 
********************
 
Please, go to VirusTotal.

  • Press the Choose File button.
  • Navigate through the directories and locate the following file:
C:\Users\owner\AppData\Roaming\mainhst.zgh
  • Upload the file for inspection by pushing the Scan It! button. When the results are ready, please, provide a link so I can take a look at them.

Note: If you receive a window, telling you that the file has already been analyzed, please, choose Reanalyze.
 
*******************
 
How is your system running now? Are there any changes to its behavior after you executed the script with FRST?


Regards,

Stan

#7 SpecialKlady

  • Topic Starter

Posted 20 September 2015 - 01:04 PM

Hi Stan, no problem - I know this is going to take some time. Thank you for trying to help me with this.

I'm not all that computer-literate, so I have a few questions for you while I do all the reports.

1) You said I need to reset all my passwords. I know that includes things like online banking, etc. Does it also include things actually on my computer (ie - login passwords at startup, passwords for the files on my computer, Bleeping Computer, google accounts, etc.)?

2) How easily could I transfer this infection to my son's laptop? Could it be transferred by using Dropbox (if I had to transfer files)?

3) I know I need to limit my internet use. Would Dropbox be okay to use? or does it actually use the internet? The reason I'm asking is because we have a home-based business that requires sending pictures to clients. I am already very behind due to this nasty botware. I can send them from the laptop, but I have to get them from my computer first. If I send them through Dropbox, do I run the risk of infecting the laptop, my tablet, etc.?

4) I believe I have backed up most of my important files (sounds like a hard drive wipe and reinstall may be imminent). Will the infection be in the backup as well (ie - especially for things such as email)?

Ok, I think that's all the questions for now. I will get on with those reports for you.


Edited by SpecialKlady, 20 September 2015 - 03:05 PM.


#8 SpecialKlady

  • Topic Starter

Posted 20 September 2015 - 02:33 PM

Here are the logs for ADWCleaner, Hitman Pro, and MBAM. I can't seem to find the JRT one - I may have deleted it before I realized I should have saved them. I am including all the (C#) files generated on that day and all the HitmanPro just in case they offer more insight. There are also 5 (S#) files, a Quarantine.log, and a Quarantine file. Let me know if you need any of those ones. I will now go and generate the next scans/reports.

Attached Files



#9 SpecialKlady

  • Topic Starter

Posted 20 September 2015 - 02:52 PM

Sorry, here's the proper MBAM.txt log.

Attached Files

  • MBAM.txt (19.79KB)


#10 SpecialKlady

  • Topic Starter

Posted 20 September 2015 - 02:56 PM

Also, where is the fixlist.txt file that I need to download? I don't see it.



#11 StanFF

  • Malware Response Team

Posted 20 September 2015 - 03:02 PM

Hello SpecialKlady,

 

Thank you for the provided logs. Since I'm only on my system for a short time, I will be able to respond to your questions tomorrow morning. Meanwhile, I'm sorry for the missing file, which I have now attached to this post - fixlist.txt (1.22KB)


Regards,

Stan

#12 SpecialKlady

  • Topic Starter

Posted 20 September 2015 - 03:09 PM

No problem, thank you...now I will continue with the rest of the tasks.  :thumbup2:



#13 SpecialKlady

  • Topic Starter

Posted 20 September 2015 - 03:30 PM

Here's the Fixlog.txt. There seems to be a lot of "ATTENTION"s in there. Should I continue with the rest of the steps or wait for further instructions? I think I'll wait just in case. I know it's important to follow the steps in the order given and I really don't want to mess this up. Please let me know if it's okay to carry on.

Attached Files



#14 StanFF

  • Malware Response Team

Posted 20 September 2015 - 03:38 PM

Hello SpecialKlady,

 

I managed to take a quick look over the log and I can say that everything is fine. Meanwhile, I'm glad that you asked the question; and yes, you can safely continue with the rest of the steps.


Regards,

Stan

#15 SpecialKlady

  • Topic Starter

Posted 20 September 2015 - 10:11 PM

Thank you. I have continued on. TDSSKiller came back with nothing. I'm not sure if this is what is needed for a link for VirusTotal, but here's my version of the link: https://www.virustotal.com/en/file/a3ff440d7f04f5f339fa48001ca0a8d26c99f300a4170217852d974a7a396587/analysis/1442801733/ . Let me know if I should have done something different. I haven't too much different since I ran that first FRST scan (I have been trying to stay off the computer like you said). I have noticed I don't seem to be getting the popups when I open Firefox. I still don't have a working keyboard, I still don't have permission to open certain files, and there are directories/files (like "owner" and temp files and program files) that have locks on the icons that I've never seen before. Also, my Q:\ drive (with MS Office 2010) still says "access denied" and has 0 bytes of data on it. New tabs in Firefox seem to load a lot faster. I just checked on IE and it seems to be loading faster with no popups/redirects as well. Now...if only I could get my keyboard back - life would be soooo much easier! I await further instructions from you.



