Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tracking Cookies Continue to Show up 2nd Removal Attempt


  • This topic is locked This topic is locked
51 replies to this topic

#1 LJN

LJN

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 23 November 2015 - 12:59 PM

After running HitMan Pro and removing all tracking cookies, I can view one to two websites and rerun HMP and there will be several more tracking cookies back on my laptop. This isn't normal. Also when I open IE there is a much longer pause before the page actually opens. I apologize for the lack of information but something just isn't right. Thanks for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:22-11-2015
Ran by Owner (administrator) on OWNER-PC (23-11-2015 11:48:02)
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OM1BYDG4
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mobile Stream) C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
() C:\Users\Owner\Desktop\Documents\Leo Docs\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_245_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-02] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-05] (Google Inc.)
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk [2011-08-28]
ShortcutTarget: Camera Monitor HD.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5335E327-C6C4-435D-A620-44AC2990D064}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1536234192-1293814445-1674301984-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS437
SearchScopes: HKU\S-1-5-21-1536234192-1293814445-1674301984-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1536234192-1293814445-1674301984-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://200.36.58.250/activex/AMC.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2015-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2015-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn => not found

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://eihhgekonheiliaidomffpplfhecmkag/newtab.html"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-12-28]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-27]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.5.14\N360.exe [282016 2015-11-12] (Symantec Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-24] (TOSHIBA Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [22728 2015-05-04] (Mobile Stream)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-19] (Symantec Corporation)
U3 EraserUtilDrv11520; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [157520 2015-11-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20151120.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151123.004\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151123.004\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-10-28] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-10-28] (RapidSolution Software AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00E\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00E\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 TuneConvertAudio; C:\Windows\System32\drivers\TuneConvertAudio.sys [34040 2011-10-05] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 11:47 - 2015-11-23 11:48 - 00000000 ____D C:\FRST
2015-11-21 01:58 - 2015-11-21 01:58 - 00000000 ____D C:\Users\Owner\.android
2015-11-21 01:52 - 2015-11-21 01:52 - 00002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
2015-11-21 01:52 - 2015-11-21 01:52 - 00000000 ____D C:\Program Files\Mobile Stream
2015-11-21 01:52 - 2015-05-04 18:04 - 00022728 _____ (Mobile Stream) C:\windows\system32\Drivers\easytthr.sys
2015-11-21 01:51 - 2015-11-21 01:51 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-12 21:45 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-12 21:45 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-12 21:45 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-12 21:45 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-12 21:45 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-12 21:45 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-12 21:45 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-12 21:45 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-12 21:45 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-12 21:45 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-12 21:44 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-12 21:44 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-12 21:44 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-12 21:44 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-12 21:44 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-12 21:44 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-12 21:44 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-12 21:44 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-12 21:44 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-12 21:44 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-12 21:44 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-12 21:44 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-12 21:44 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-12 21:44 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-12 21:44 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-12 21:44 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-12 21:44 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-12 21:44 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-12 21:44 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-12 21:44 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-12 21:44 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-12 21:44 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-12 21:44 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-12 21:44 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-12 21:44 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-12 21:44 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-12 21:44 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-12 21:44 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-12 21:44 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-12 21:44 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-12 21:44 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-12 21:44 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-12 21:44 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-12 21:44 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-12 21:44 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-12 21:44 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-12 21:44 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-12 21:44 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-12 21:44 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-12 21:44 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-12 21:44 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-12 21:44 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-12 21:44 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-12 21:44 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-12 21:44 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-12 21:44 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-12 21:44 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-12 21:44 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-12 21:44 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-12 21:44 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-12 21:44 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-12 21:44 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-12 21:44 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-12 21:44 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-12 21:44 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-12 21:44 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-12 21:44 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-12 21:44 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-12 21:44 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-12 21:44 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-12 21:44 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-12 21:44 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-12 21:44 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-12 21:44 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-12 21:44 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-12 21:44 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-12 21:44 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-12 21:44 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-12 21:44 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-12 21:44 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-12 21:44 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-12 21:44 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-12 21:44 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-12 21:44 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-12 21:44 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-12 21:44 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-12 21:44 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-12 21:44 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-12 21:44 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-12 21:44 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-12 21:44 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-12 21:44 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-12 21:44 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-12 21:44 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-12 21:44 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-12 21:44 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-12 21:44 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-12 21:44 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-12 21:44 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-12 21:44 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-12 21:44 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-12 21:44 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-12 21:44 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-12 21:44 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-12 21:44 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-12 21:43 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-12 21:43 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-12 21:43 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-12 21:43 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-12 21:43 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-12 21:43 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-12 21:43 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-12 21:43 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-12 21:43 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-12 21:43 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-12 21:43 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-12 21:43 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-11-08 00:08 - 2015-11-08 00:08 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-07 20:37 - 2015-11-07 20:37 - 00000754 _____ C:\Users\Owner\Desktop\Start Emsisoft Emergency Kit.lnk
2015-11-07 20:36 - 2015-11-07 20:37 - 00000000 ____D C:\EEK
2015-11-07 01:04 - 2015-11-07 01:04 - 00000000 ____D C:\Users\Owner\AppData\Local\CEF
2015-11-06 15:05 - 2015-11-12 10:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-06 15:05 - 2015-11-06 15:05 - 00002018 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-29 05:14 - 2015-10-29 05:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{04EF6351-C901-4D22-B5AD-F0295C53774B}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 11:27 - 2012-04-01 23:33 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-23 11:25 - 2011-06-05 07:15 - 01559935 _____ C:\windows\WindowsUpdate.log
2015-11-23 11:23 - 2011-06-05 07:33 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-23 11:15 - 2011-06-05 07:33 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-23 11:09 - 2009-07-13 22:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-23 11:09 - 2009-07-13 22:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-23 11:01 - 2012-12-20 21:16 - 00000256 _____ C:\windows\Tasks\HP Photo Creations Messager.job
2015-11-21 01:58 - 2011-06-21 10:57 - 00000000 ____D C:\Users\Owner
2015-11-21 01:55 - 2009-07-13 22:51 - 00161482 _____ C:\windows\setupact.log
2015-11-20 21:50 - 2009-07-13 23:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-19 19:27 - 2014-07-22 15:00 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2015-11-13 06:49 - 2012-07-28 21:33 - 00000000 ____D C:\Temp
2015-11-13 06:48 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-13 06:48 - 2009-07-13 22:45 - 00341616 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-12 23:33 - 2013-07-31 07:42 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 23:28 - 2011-06-25 08:50 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-12 23:24 - 2011-11-24 18:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 22:51 - 2011-06-23 19:40 - 00775124 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-12 22:45 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-12 11:27 - 2012-04-01 23:33 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-12 11:27 - 2012-04-01 23:33 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-12 11:27 - 2011-07-13 10:50 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-07 12:31 - 2010-11-20 21:47 - 01319216 _____ C:\windows\PFRO.log
2015-11-07 12:05 - 2012-09-05 00:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-07 11:32 - 2014-12-14 17:29 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-07 11:31 - 2013-08-12 16:11 - 00000000 ____D C:\Users\Owner\Desktop\Documents\House Info
2015-11-07 01:04 - 2014-08-22 09:01 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2015-11-06 15:05 - 2015-01-01 13:13 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-06 15:05 - 2011-04-06 20:52 - 00000000 ____D C:\ProgramData\Adobe
2015-11-06 15:05 - 2011-04-06 20:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-02 00:25 - 2011-06-21 15:56 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2015-10-31 10:28 - 2015-01-02 13:38 - 00101572 _____ C:\Users\Owner\Desktop\Checkbook 2015.xlsx
2015-10-30 03:29 - 2015-03-17 00:36 - 00030818 _____ C:\Users\Owner\Desktop\2015 Lawns Service.xlsx
2015-10-30 03:29 - 2011-12-17 22:57 - 00000000 ____D C:\Users\Owner\Desktop\Documents\Leo Docs

==================== Files in the root of some directories =======

2014-11-15 09:12 - 2014-11-15 09:12 - 6000640 _____ () C:\Program Files (x86)\GUT4231.tmp
2013-01-11 14:13 - 2013-01-11 14:13 - 0022464 _____ (Intel Corporation) C:\Users\Owner\AppData\Roaming\JomCap.dll
2012-03-25 09:12 - 2012-03-25 09:12 - 0005120 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-29 17:28 - 2012-07-29 17:28 - 0003284 _____ () C:\Users\Owner\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_S-1-5-21-1536234192-1293814445-1674301984-1000_settings.cp.temp
2013-02-14 12:54 - 2013-02-14 12:54 - 2250054 _____ () C:\ProgramData\1.bmp
2013-02-14 12:54 - 2013-02-14 12:54 - 0350795 _____ () C:\ProgramData\1.jpg
2012-12-20 21:13 - 2012-12-20 21:13 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-21 03:24

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Owner (2015-11-23 11:48:49)
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OM1BYDG4
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-21 16:57:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1536234192-1293814445-1674301984-500 - Administrator - Disabled)
Guest (S-1-5-21-1536234192-1293814445-1674301984-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1536234192-1293814445-1674301984-1003 - Limited - Enabled)
Owner (S-1-5-21-1536234192-1293814445-1674301984-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Audials (HKLM-x32\...\{92E4FEB9-8BE6-444E-8B8E-5C15E5A1FFBE}) (Version: 9.0.51202.200 - RapidSolution Software AG)
AXIS Media Control Embedded (HKLM-x32\...\AXIS Media Control Embedded) (Version:  - )
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Photo Navigator 1.5 (HKLM-x32\...\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}) (Version:  - )
EasyTether (HKLM-x32\...\{f35c852c-fc42-4050-ae97-8c15d2e00cf3}) (Version: 1.3.2 - Mobile Stream)
EasyTether (Version: 1.3.2 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{C7D0182C-824E-4795-88B0-418B8FED0203}) (Version: 1.0.5 - Mobile Stream)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Everio MediaBrowser HD Edition (HKLM-x32\...\{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}) (Version: 1.01.021 - PIXELA)
Express Zip (HKLM-x32\...\ExpressZip) (Version:  - NCH Software)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Garmin BaseCamp (HKLM-x32\...\{0D7C8884-192D-4E2D-A635-B282B3647E45}) (Version: 4.4.7 - Garmin Ltd or its subsidiaries)
Garmin HomePort (HKLM-x32\...\{0D10424D-67E6-448E-BEFA-558B87870D46}) (Version: 2.2.9 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{626663EE-B9E6-4982-995F-02C31E84F8FC}) (Version: 2.0.29.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.1000 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Koala Personal Search (HKLM-x32\...\Koala Personal Search) (Version: 1.33.153.1 - Koala Personal Search)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MixPad Audio Mixer (HKLM-x32\...\MixPad) (Version:  - NCH Software)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.4.24 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 1.9.16.7446 - Medixant)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tango (HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...\Tango) (Version: 1.6.14117 - TangoMe, Inc.)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.7 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.24.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.9.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.1.12 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.5.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.6.08-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Universal Password Manager (HKLM-x32\...\UPM) (Version: 1.8 - Adrian Smith)
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

26-05-2015 07:50:02 Checkpoint by HitmanPro
28-05-2015 05:44:16 avast! antivirus system restore point
28-05-2015 12:24:19 Installed Sophos Virus Removal Tool.
06-06-2015 06:29:44 Windows Update
10-06-2015 08:18:28 Windows Update
22-06-2015 13:00:05 Scheduled Checkpoint
30-06-2015 11:25:44 Scheduled Checkpoint
08-07-2015 15:19:11 Scheduled Checkpoint
09-07-2015 01:21:40 Installed Motorola Device Manager
11-07-2015 05:36:15 Windows Update
15-07-2015 12:29:50 Windows Update
24-07-2015 20:27:30 Windows Update
28-07-2015 14:35:45 Windows Update
28-07-2015 14:41:32 Windows Update
30-07-2015 13:04:50 Checkpoint by HitmanPro
01-08-2015 22:40:06 Windows Update
05-08-2015 09:39:09 Windows Update
09-08-2015 04:32:53 Windows Update
09-08-2015 06:13:55 Windows Update
12-08-2015 13:18:13 Windows Update
13-08-2015 02:01:29 Windows Update
16-08-2015 08:45:24 Windows Update
19-08-2015 19:50:44 Windows Update
20-08-2015 19:33:18 Windows Update
21-08-2015 08:05:19 Windows Update
25-08-2015 07:50:52 Windows Update
28-08-2015 15:01:45 Windows Update
01-09-2015 00:00:56 Windows Update
06-09-2015 07:26:46 Windows Update
09-09-2015 11:22:13 Windows Update
11-09-2015 05:55:31 Windows Update
26-09-2015 01:28:58 Scheduled Checkpoint
06-10-2015 10:46:14 Scheduled Checkpoint
06-10-2015 21:24:28 Windows Update
16-10-2015 08:09:49 Windows Update
28-10-2015 19:57:25 Scheduled Checkpoint
12-11-2015 22:44:07 Windows Update
21-11-2015 01:50:59 EasyTether
21-11-2015 01:52:39 Device Driver Package Install: Mobile Stream Network adapters
21-11-2015 01:53:40 Device Driver Package Install: Mobile Stream Android Phone

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2013-09-12 00:11 - 00000027 ____N C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {078EADE2-3FCB-4B71-8579-9EBADA2F1AAD} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {1A84C7A5-9668-473D-94D5-8D23B9FE339D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {36958DB7-AE81-4942-936A-2C3D4761A869} - \Koala Personal Search-chromeinstaller -> No File <==== ATTENTION
Task: {38644701-9970-42EE-BDAF-6A2EB8C8FE09} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {6BAB96C1-2AC1-44C5-88A1-7DC787194040} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {77F1E1E9-21F7-46E7-AA01-E7A3583D0709} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {78C12455-015A-46E7-A9BA-AC681B6495B7} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {9BF17B71-C0D7-4CE9-8E0C-D3804E740707} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)
Task: {BD56224C-FFCD-4372-8730-650675E268E2} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {C36DA55D-15A3-4229-BD78-7D9ED0BDDA83} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {C7240926-7FF1-436B-860E-EAE50947053F} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {D02900DF-08FA-4557-B459-BD2ABCC8D6D2} - System32\Tasks\{1FFCA19D-6203-4AF0-AE75-EAAF5B4BEBD2} => pcalua.exe -a "C:\Program Files (x86)\Koala Personal Search\Uninstall.exe" -c /fromcontrolpanel=1
Task: {D0B4AEB4-47DA-4A0E-ACDA-DA5352E257F5} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {E10B9874-D94D-4F92-8B7E-7D26AA1FA13B} - System32\Tasks\{B99858ED-212A-4306-A9D3-E85414F4A59B} => pcalua.exe -a "G:\PdaNet for Android\drvins.exe" -d "G:\PdaNet for Android"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-01-05 13:53 - 2011-01-05 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-06-08 15:57 - 2011-06-08 15:57 - 02812776 _____ () C:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2011-04-04 20:18 - 2011-04-04 20:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-01-05 13:53 - 2011-01-05 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-22 20:22 - 2011-02-22 20:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-08 16:42 - 2010-12-08 16:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-06-21 22:12 - 2010-09-01 00:11 - 00473616 _____ () C:\Users\Owner\Desktop\Documents\Leo Docs\PdaNet for Android\PdaNetPC.exe
2014-04-07 08:31 - 2014-04-07 08:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2011-08-28 20:15 - 2004-09-09 16:13 - 00364544 ____N () C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll
2015-05-20 21:53 - 2015-05-20 21:53 - 01777664 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtCore4.dll
2015-05-20 22:00 - 2015-05-20 22:00 - 01224704 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGCore.dll
2015-05-20 22:00 - 2015-05-20 22:00 - 00290816 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGUtils.DLL
2015-05-20 22:00 - 2015-05-20 22:00 - 00631808 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGMath.dll
2015-05-20 22:01 - 2015-05-20 22:01 - 01393664 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
2015-05-20 22:01 - 2015-05-20 22:01 - 00751104 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
2015-05-20 22:01 - 2015-05-20 22:01 - 03105280 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
2015-05-20 22:01 - 2015-05-20 22:01 - 00059392 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
2015-05-20 22:01 - 2015-05-20 22:01 - 00519168 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
2015-05-20 23:11 - 2015-05-20 23:11 - 17660744 _____ () C:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dll
2015-05-20 22:00 - 2015-05-20 22:00 - 00726016 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGExportCommon.dll
2015-05-20 22:00 - 2015-05-20 22:00 - 01050624 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGOpt.dll
2015-05-20 22:07 - 2015-05-20 22:07 - 00015872 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemyext.dll
2015-05-20 21:53 - 2015-05-20 21:53 - 07877632 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtWebKit4.dll
2015-05-20 21:53 - 2015-05-20 21:53 - 06174208 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtGui4.dll
2015-05-20 21:53 - 2015-05-20 21:53 - 00518656 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtNetwork4.dll
2015-05-20 23:11 - 2015-05-20 23:11 - 00093000 _____ () C:\Program Files (x86)\Google\Google Earth\client\ge_expat.dll
2015-05-20 21:53 - 2015-05-20 21:53 - 00018944 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qgif4.dll
2015-05-20 21:53 - 2015-05-20 21:53 - 00158208 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qjpeg4.dll
2015-05-20 22:00 - 2015-05-20 22:00 - 00145408 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EasyTether => "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Tango => C:\Program Files (x86)\Tango\Tango.exe -r

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D89B4249-AEFD-43CE-8CF1-4DA16421D4BE}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5CA62A8F-823E-4F77-8AAA-BD7BDB53F716}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{CD9E211A-684A-439E-9A74-9BC719CA228C}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{F85B5DE2-EBCA-4965-9CE4-F62BD4325396}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{E94F604C-75EF-4A02-93E1-0D6A5431B158}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{903DD960-4DD2-4019-9291-ABA6FF78CE7F}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [{A7985827-5999-451A-88FB-359D062853B1}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{14062F6F-C947-4F7B-8B57-8D1CEB52E1F2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{AEAD5A9B-38E9-42F5-A345-595AC13B9C13}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2015 00:20:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2043

Error: (11/22/2015 00:20:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2043

Error: (11/22/2015 00:20:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/22/2015 00:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (11/22/2015 00:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (11/22/2015 00:20:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/22/2015 10:59:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 113453302

Error: (11/22/2015 10:59:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 113453302

Error: (11/22/2015 10:59:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/22/2015 10:59:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 113452288

System errors:
=============
Error: (11/23/2015 11:25:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/23/2015 11:25:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/23/2015 11:01:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (11/20/2015 10:21:58 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/20/2015 10:21:58 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:23:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (11/14/2015 09:01:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (11/14/2015 09:01:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/08/2015 02:02:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/08/2015 02:02:42 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

CodeIntegrity:
===================================
  Date: 2014-10-18 15:53:52.266
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-18 15:53:52.146
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-12 01:09:12.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-12 01:09:11.990
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 44%
Total physical RAM: 6050.69 MB
Available physical RAM: 3366.5 MB
Total Virtual: 12099.59 MB
Available Virtual: 8408 MB

==================== Drives ================================

Drive c: (TI106151W0F) (Fixed) (Total:580.59 GB) (Free:274.56 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 637CA5D8)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.1 GB) - (Type=17)

==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 LJN

LJN
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 23 November 2015 - 01:03 PM

Attached File  Addition_23-11-2015_11-49-38.txt   35.16KB   1 downloads



#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 PM

Posted 23 November 2015 - 01:12 PM

Hello LJN and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
    
I am currently reviewing your log.I will be back with a fix for your problem as soon as possible.Please be patient with me during this time.

Sincerely
:hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 PM

Posted 23 November 2015 - 01:49 PM

Hi LJN,

Do you use
Yahoo Messenger


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 PM

Posted 23 November 2015 - 03:15 PM

Hi LJN,

 

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Best Buy pc app
Koala Personal Search

Yahoo!\Messenger

Now PC restart,

===================================

Step 1:
 FRST Script:
 Please download this attached Attached File  Fixlist.txt   4.75KB   13 downloads   and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please klick Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

txt.gif  zoekscript.txt   188bytes   7 downloads

  • Download it too and save to your desktop - _it needs to be in the same location as the ZOEK tool
  • Drag zoekscript file and drop it onto ZOEK icon - this should launch the program:
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 LJN

LJN
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 24 November 2015 - 02:10 PM

Best buy and yahoo messenger do not show up in my control panel to delete. I have tried to remove Koala several times but im not allowed to. I am logged on as administrator. Can I proceed with your instructions with Koala still on my lap top? I do know that Koala was loaded on my pc some time ago without my permission.

 

 

Best Buy pc app
Koala Personal Search

Yahoo!\Messenger



#7 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 PM

Posted 24 November 2015 - 07:39 PM

Okay, Please do the steps


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 LJN

LJN
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 24 November 2015 - 11:48 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by Owner (administrator) on OWNER-PC (24-11-2015 22:25:10)
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6JM2O32
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mobile Stream) C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
() C:\Users\Owner\Desktop\Documents\Leo Docs\PdaNet for Android\PdaNetPC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_245_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-02] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-05] (Google Inc.)
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk [2011-08-28]
ShortcutTarget: Camera Monitor HD.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5335E327-C6C4-435D-A620-44AC2990D064}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1536234192-1293814445-1674301984-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1536234192-1293814445-1674301984-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS437
SearchScopes: HKU\S-1-5-21-1536234192-1293814445-1674301984-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_en
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1536234192-1293814445-1674301984-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://200.36.58.250/activex/AMC.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-12] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-12] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2015-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2015-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn => not found

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://eihhgekonheiliaidomffpplfhecmkag/newtab.html"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-12-28]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-27]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.5.14\N360.exe [282016 2015-11-12] (Symantec Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-24] (TOSHIBA Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [22728 2015-05-04] (Mobile Stream)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-19] (Symantec Corporation)
U3 EraserUtilDrv11520; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [157520 2015-11-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20151124.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151124.021\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151124.021\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-10-28] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-10-28] (RapidSolution Software AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00E\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00E\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 TuneConvertAudio; C:\Windows\System32\drivers\TuneConvertAudio.sys [34040 2011-10-05] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-23 11:47 - 2015-11-24 22:25 - 00000000 ____D C:\FRST
2015-11-21 01:58 - 2015-11-21 01:58 - 00000000 ____D C:\Users\Owner\.android
2015-11-21 01:52 - 2015-11-21 01:52 - 00002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
2015-11-21 01:52 - 2015-11-21 01:52 - 00000000 ____D C:\Program Files\Mobile Stream
2015-11-21 01:52 - 2015-05-04 18:04 - 00022728 _____ (Mobile Stream) C:\windows\system32\Drivers\easytthr.sys
2015-11-21 01:51 - 2015-11-21 01:51 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-12 21:45 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-12 21:45 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-12 21:45 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-12 21:45 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-12 21:45 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-12 21:45 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-12 21:45 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-12 21:45 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-12 21:45 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-12 21:45 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-12 21:45 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-12 21:44 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-12 21:44 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-12 21:44 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-12 21:44 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-12 21:44 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-12 21:44 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-12 21:44 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-12 21:44 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-12 21:44 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-12 21:44 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-12 21:44 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-12 21:44 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-12 21:44 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-12 21:44 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-12 21:44 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-12 21:44 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-12 21:44 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-12 21:44 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-12 21:44 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-12 21:44 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-12 21:44 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-12 21:44 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-12 21:44 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-12 21:44 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-12 21:44 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-12 21:44 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-12 21:44 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-12 21:44 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-12 21:44 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-12 21:44 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-12 21:44 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-12 21:44 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-12 21:44 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-12 21:44 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-12 21:44 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-12 21:44 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-12 21:44 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-12 21:44 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-12 21:44 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-12 21:44 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-12 21:44 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-12 21:44 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-12 21:44 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-12 21:44 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-12 21:44 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-12 21:44 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-12 21:44 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-12 21:44 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-12 21:44 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-12 21:44 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-12 21:44 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-12 21:44 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-12 21:44 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-12 21:44 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-12 21:44 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-12 21:44 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-12 21:44 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-12 21:44 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-12 21:44 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-12 21:44 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-12 21:44 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-12 21:44 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-12 21:44 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-12 21:44 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-12 21:44 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-12 21:44 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-12 21:44 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-12 21:44 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-12 21:44 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-12 21:44 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-12 21:44 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-12 21:44 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-12 21:44 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-12 21:44 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-12 21:44 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-12 21:44 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-12 21:44 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-12 21:44 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-12 21:44 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-12 21:44 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-12 21:44 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-12 21:44 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-12 21:44 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-12 21:44 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-12 21:44 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-12 21:44 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-12 21:44 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-12 21:44 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-12 21:44 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-12 21:44 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-12 21:44 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-12 21:44 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-12 21:44 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-12 21:44 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-12 21:44 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-12 21:44 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-12 21:44 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-12 21:44 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-12 21:44 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-12 21:43 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-12 21:43 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-12 21:43 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-12 21:43 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-12 21:43 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-12 21:43 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-12 21:43 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-12 21:43 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-12 21:43 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-12 21:43 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-12 21:43 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-12 21:43 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-11-08 00:08 - 2015-11-08 00:08 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-07 20:37 - 2015-11-07 20:37 - 00000754 _____ C:\Users\Owner\Desktop\Start Emsisoft Emergency Kit.lnk
2015-11-07 20:36 - 2015-11-07 20:37 - 00000000 ____D C:\EEK
2015-11-07 01:04 - 2015-11-07 01:04 - 00000000 ____D C:\Users\Owner\AppData\Local\CEF
2015-11-06 15:05 - 2015-11-12 10:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-06 15:05 - 2015-11-06 15:05 - 00002018 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-29 05:14 - 2015-10-29 05:14 - 00000000 ____D C:\Users\Owner\AppData\Local\{04EF6351-C901-4D22-B5AD-F0295C53774B}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 22:23 - 2011-06-05 07:33 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-24 22:10 - 2009-07-13 22:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-24 22:10 - 2009-07-13 22:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-24 22:02 - 2012-12-20 21:16 - 00000256 _____ C:\windows\Tasks\HP Photo Creations Messager.job
2015-11-24 22:02 - 2012-04-01 23:33 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-24 22:02 - 2011-06-05 07:15 - 01578968 _____ C:\windows\WindowsUpdate.log
2015-11-24 12:40 - 2011-06-05 07:33 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-21 01:58 - 2011-06-21 10:57 - 00000000 ____D C:\Users\Owner
2015-11-21 01:55 - 2009-07-13 22:51 - 00161482 _____ C:\windows\setupact.log
2015-11-20 21:50 - 2009-07-13 23:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-19 19:27 - 2014-07-22 15:00 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2015-11-13 06:49 - 2012-07-28 21:33 - 00000000 ____D C:\Temp
2015-11-13 06:48 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-13 06:48 - 2009-07-13 22:45 - 00341616 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-12 23:33 - 2013-07-31 07:42 - 00000000 ____D C:\windows\system32\MRT
2015-11-12 23:28 - 2011-06-25 08:50 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-12 23:24 - 2011-11-24 18:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-12 22:51 - 2011-06-23 19:40 - 00775124 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-12 22:45 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-12 11:27 - 2012-04-01 23:33 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-12 11:27 - 2012-04-01 23:33 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-12 11:27 - 2011-07-13 10:50 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-07 12:31 - 2010-11-20 21:47 - 01319216 _____ C:\windows\PFRO.log
2015-11-07 12:05 - 2012-09-05 00:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-07 11:32 - 2014-12-14 17:29 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-07 11:31 - 2013-08-12 16:11 - 00000000 ____D C:\Users\Owner\Desktop\Documents\House Info
2015-11-07 01:04 - 2014-08-22 09:01 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2015-11-06 15:05 - 2015-01-01 13:13 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-06 15:05 - 2011-04-06 20:52 - 00000000 ____D C:\ProgramData\Adobe
2015-11-06 15:05 - 2011-04-06 20:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-02 00:25 - 2011-06-21 15:56 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2015-10-31 10:28 - 2015-01-02 13:38 - 00101572 _____ C:\Users\Owner\Desktop\Checkbook 2015.xlsx
2015-10-30 03:29 - 2015-03-17 00:36 - 00030818 _____ C:\Users\Owner\Desktop\2015 Lawns Service.xlsx
2015-10-30 03:29 - 2011-12-17 22:57 - 00000000 ____D C:\Users\Owner\Desktop\Documents\Leo Docs

==================== Files in the root of some directories =======

2014-11-15 09:12 - 2014-11-15 09:12 - 6000640 _____ () C:\Program Files (x86)\GUT4231.tmp
2013-01-11 14:13 - 2013-01-11 14:13 - 0022464 _____ (Intel Corporation) C:\Users\Owner\AppData\Roaming\JomCap.dll
2012-03-25 09:12 - 2012-03-25 09:12 - 0005120 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-29 17:28 - 2012-07-29 17:28 - 0003284 _____ () C:\Users\Owner\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_S-1-5-21-1536234192-1293814445-1674301984-1000_settings.cp.temp
2013-02-14 12:54 - 2013-02-14 12:54 - 2250054 _____ () C:\ProgramData\1.bmp
2013-02-14 12:54 - 2013-02-14 12:54 - 0350795 _____ () C:\ProgramData\1.jpg
2012-12-20 21:13 - 2012-12-20 21:13 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-21 03:24

==================== End of FRST.txt ============================



#9 LJN

LJN
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 24 November 2015 - 11:57 PM

# AdwCleaner v5.022 - Logfile created 24/11/2015 at 22:50:50
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_5.022.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [590 bytes] ##########



#10 LJN

LJN
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 25 November 2015 - 12:58 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Owner (Administrator) on Tue 11/24/2015 at 23:01:53.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 5

Successfully deleted: C:\Users\Owner\AppData\Local\{04EF6351-C901-4D22-B5AD-F0295C53774B} (Empty Folder)
Successfully deleted: C:\Program Files (x86)\GUT4231.tmp (File)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARMANAGER_32479C6A-70E3F988.pf (File)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf (File)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/24/2015 at 23:05:08.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 LJN

LJN
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 25 November 2015 - 01:18 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Owner (Administrator) on Tue 11/24/2015 at 23:01:53.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 5

Successfully deleted: C:\Users\Owner\AppData\Local\{04EF6351-C901-4D22-B5AD-F0295C53774B} (Empty Folder)
Successfully deleted: C:\Program Files (x86)\GUT4231.tmp (File)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARMANAGER_32479C6A-70E3F988.pf (File)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File)
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf (File)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/24/2015 at 23:05:08.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#12 LJN

LJN
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 25 November 2015 - 10:40 AM

Zoek.exe v5.0.0.1 Updated 22-November-2015
Tool run by Owner on Wed 11/25/2015 at  0:33:41.35.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Desktop\zoek.exe
Script used: C:\Users\Owner\Desktop\zoekscript.txt

===== Runcheck zoekscript.txt  0:33:55.25 =====

--- Create Environment Variables  0:33:56.81
--- Create System Restore Point  0:34:04.47
--- Checking Input  0:34:13.95
--- AU AppData Check  0:35:25.45
--- Remove From Windows Installer  0:35:30.27
--- Empty Folders Check  0:37:21.14
--- Registry HKLM Software Check  0:37:21.15
--- Quick Launch Shortcut Check  0:37:40.12
--- IE Startpage Check  0:37:47.67
--- Program Files DB Check  0:38:26.39
--- C:\Users\Default\AppData\Roaming DB Check  0:39:22.15
--- C:\Users\Default User\AppData\Roaming DB Check  0:39:22.15
--- C:\Users\Owner\AppData\Roaming DB Check  0:39:22.15
--- C:\windows\SysNative\config\systemprofile\AppData\Roaming DB Check  0:39:22.15
--- C:\windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check  0:39:22.15
--- C:\windows\serviceprofiles\networkservice\AppData\Roaming DB Check  0:39:22.15
--- C:\windows\serviceprofiles\Localservice\AppData\Roaming DB Check  0:39:22.15
--- C:\Users\Owner DB Check  0:42:10.72
--- C:\PROGRA~3 DB Check  0:42:32.37
--- C:\Users\Default\AppData\Local DB Check  0:42:48.67
--- C:\Users\Default User\AppData\Local DB Check  0:42:48.67
--- C:\Users\Owner\AppData\Local DB Check  0:42:48.67
--- C:\Users\Public\AppData\Local DB Check  0:42:48.67
--- C:\windows\SysNative\config\systemprofile\AppData\Local DB Check  0:42:48.67
--- C:\windows\sysWoW64\config\systemprofile\AppData\Local DB Check  0:42:48.67
--- C:\windows\serviceprofiles\networkservice\AppData\Local DB Check  0:42:48.67
--- C:\windows\serviceprofiles\Localservice\AppData\Local DB Check  0:42:48.67
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check  0:44:58.90
--- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check  0:45:11.24
--- Tasks DB Check  0:45:19.15
--- Downloads DB Check  0:45:24.49
--- C:\Users\Owner\AppData\LocalLow DB Check  0:45:29.49
--- C:\windows\SysNative\config\systemprofile\AppData\LocalLow DB Check  0:45:29.49
--- C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check  0:45:29.49
--- C:\windows\serviceprofiles\networkservice\AppData\LocalLow DB Check  0:45:29.49
--- C:\windows\serviceprofiles\Localservice\AppData\LocalLow DB Check  0:45:29.49
--- Tasks2 DB Check  0:46:28.03
--- Documents DB Check  0:47:06.85
--- C:\Users\Public\Desktop DB Check  0:47:17.73
--- C:\Users\Owner\Desktop DB Check  0:47:24.62
--- Services DB Check  0:47:36.14
--- FF prefs.js DB Check  0:48:07.63
--- Emptyclsid  0:48:08.88
--- Del by CLSID  0:48:13.25



#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 PM

Posted 25 November 2015 - 11:25 AM

1. step, you must run the fixlist. Please try again run.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#14 LJN

LJN
  • Topic Starter

  • Members
  • 97 posts
  • OFFLINE
  •  
  • Local time:01:23 PM

Posted 25 November 2015 - 11:33 AM

ok, I do not understand how to run it. I saved it in the same file but it is a text file. When I open it there is just text.



#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:23 PM

Posted 25 November 2015 - 11:46 AM

ok, I do not understand how to run it. I saved it in the same file but it is a text file. When I open it there is just text.

 

Click Fixlist.txt file
File > Save as >
File name:Fixlist
Save as type:All files
And save it on desktop. FRST software must be on desktop.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users