
Invisible IE windows popping up


  • This topic is locked
6 replies to this topic

#1 sojackey

sojackey

  • Members
  • 3 posts

Posted 07 February 2016 - 04:10 PM

Hi there,

Starting a couple of days ago, my computer would start off alright, but as time goes on, the computer just keeps getting more and more sluggish. What I would do is restart the computer, and what I would realize is that when I restart, Windows would dim the screen and do the usual "these things are still open, do you want to continue", which is where I would see a bunch of full-screened windows with small ads that normally weren't there when operating the computer.

So I downloaded a trial version of Kaspersky to see what's going on. I've done the full scan and it removed two files, but what Kaspersky consistently does is show a pop-up saying that it blocked "x" URL - meaning that I probably still have the problem.

I've also tried using HijackThis with their online log checker and closed several things to no avail. There was a suggestion along the way to use Spybot S&D in my Windows32 folder for anything malicious and, as I type, it has found 1 infected file:

 

C:\Windows\System32\SPORDER.DLL // Status: webHancer // ID: CDB67336

 

 

Hoping that I'm describing the issue well enough.

 

Thank you as well in advance for being and continuing to be such a supportive group!  :thumbup2:

FRST.txt results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Jackey (administrator) on JACKEY-PC (07-02-2016 15:54:01)
Running from D:\Downloads
Loaded Profiles: Jackey (Available Profiles: Jackey)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Jackey\AppData\Local\Apps\F.lux\flux.exe
(Akamai Technologies, Inc.) C:\Users\Jackey\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\YoloMouse\YoloMouse.exe
(Akamai Technologies, Inc.) C:\Users\Jackey\AppData\Local\Akamai\netsession_win.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M60 Mouse\CorsTra.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Corsair M60 Mouse] => C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe [1766912 2013-06-05] (Corsair Components  Inc)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\Run: [F.lux] => C:\Users\Jackey\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3128352 2013-06-25] (Disc Soft Ltd)
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jackey\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\Run: [Google Update] => C:\Users\Jackey\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\Run: [YoloMouse] => C:\Program Files\YoloMouse\YoloMouse.exe [133632 2014-10-14] ()
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\MountPoints2: {23563c15-e69f-11e4-bf0f-50e549eefa8b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\MountPoints2: {37d1f2ee-b0b6-11e4-9303-50e549eefa8b} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\MountPoints2: {a5d3d9ef-7841-11e5-a92f-50e549eefa8b} - E:\OnePlus_setup.exe /s
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\...\MountPoints2: {c90fc90d-c4d1-11e2-853b-50e549eefa8b} - "F:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5F8BFDC6-5C50-496A-ABB8-B9EC28E9F989}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U330&ocid=U330DHP&osmkt=en-us
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/Avast_WCP
URLSearchHook: HKLM-x32 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\ssv.dll [2016-02-07] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-02-07] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Jackey\AppData\Roaming\Mozilla\Firefox\Profiles\n54ad0fu.default-1434287588693
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files (x86)\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-02-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-10-19] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: @hola.org/vlc,version=1.7.298 -> C:\Users\Jackey\AppData\Local\Hola\firefox\app\vlc [2015-04-11] ()
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jackey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: @talk.google.com/O1DPlugin -> C:\Users\Jackey\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Jackey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jackey\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-02-07]
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Profile: C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-13]
CHR Extension: (Google Search) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (AdBlock) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-04]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-03-27]
CHR Extension: (Skype) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Jackey\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx <not found>
CHR HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Jackey\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-07] (Kaspersky Lab ZAO)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-03-22] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1009392 2016-01-20] (Overwolf LTD)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 Atheros Traffic Shaping; C:\Program Files (x86)\Atheros ASAV\AthrTS6_x64.sys [33904 2011-08-17] ()
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-03-22] (BitRaider)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-09-15] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-04-20] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-07] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-12-07] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2015-12-07] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
R3 WIMBLEMS; C:\Windows\System32\drivers\WIMBLEMS.sys [25600 2012-03-27] ( )
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-07 15:53 - 2016-02-07 15:54 - 00000000 ____D C:\FRST
2016-02-07 15:28 - 2016-02-07 15:38 - 00000000 ____D C:\Users\Jackey\Desktop\backups
2016-02-07 15:03 - 2016-02-07 15:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jackey\Desktop\HijackThis.exe
2016-02-07 14:59 - 2016-02-07 14:59 - 05657667 _____ (Swearware) C:\Users\Jackey\Desktop\ComboFix.exe
2016-02-07 14:54 - 2016-02-07 15:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-07 14:54 - 2016-02-07 14:54 - 00002083 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2016-02-07 14:54 - 2016-02-07 14:54 - 00000000 ____D C:\Windows\ELAMBKUP
2016-02-07 14:54 - 2016-02-07 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-02-07 14:54 - 2016-02-07 14:54 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-02-07 14:54 - 2015-12-07 22:53 - 00940928 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-02-07 14:54 - 2015-12-07 22:53 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-02-07 14:54 - 2015-12-07 22:53 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-02-07 14:54 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-02-07 14:49 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2016-02-07 14:46 - 2016-02-07 14:46 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-07 14:46 - 2016-02-07 14:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-07 14:46 - 2016-02-07 14:46 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-07 14:46 - 2016-02-07 14:46 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-07 14:46 - 2016-02-07 14:46 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2016-02-07 14:46 - 2016-02-07 14:46 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2016-02-07 14:46 - 2016-02-07 14:46 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-07 14:46 - 2016-02-07 14:46 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-07 14:46 - 2016-02-07 14:46 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-02-07 14:46 - 2016-02-07 14:46 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-02-07 14:46 - 2016-02-07 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-07 14:46 - 2016-02-07 14:46 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-07 14:46 - 2016-02-07 14:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-07 14:45 - 2016-02-07 14:45 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-02-07 14:45 - 2016-02-07 14:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-02-07 14:45 - 2016-02-07 14:45 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-02-07 14:45 - 2016-02-07 14:45 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-02-07 14:45 - 2016-02-07 14:45 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-02-07 14:45 - 2016-02-07 14:45 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-02-07 14:45 - 2016-02-07 14:45 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2016-02-07 14:44 - 2016-02-07 14:44 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-02-07 14:44 - 2016-02-07 14:44 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-02-07 14:38 - 2016-02-07 14:38 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-02-07 14:37 - 2016-02-07 14:53 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-07 13:55 - 2016-02-07 14:38 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-07 13:55 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-01-31 17:20 - 2016-01-31 17:20 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2016-01-27 23:45 - 2015-12-18 01:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-01-27 23:45 - 2015-12-18 01:10 - 00099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-01-27 23:45 - 2015-12-18 01:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-01-20 17:41 - 2016-01-20 17:41 - 00240535 _____ C:\Users\Jackey\Desktop\RC145-Cheung Fat.pdf
2016-01-20 14:08 - 2016-01-20 14:09 - 00000000 ____D C:\Users\Jackey\AppData\Local\BDOCharacterCreator
2016-01-20 14:08 - 2016-01-20 14:08 - 00000532 _____ C:\Users\Public\Desktop\Black Desert Character Creator.lnk
2016-01-20 14:08 - 2016-01-20 14:08 - 00000532 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Black Desert Character Creator.lnk
2016-01-20 14:08 - 2016-01-20 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDOCharacterCreator
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-07 15:36 - 2013-07-27 00:27 - 00402344 _____ C:\Windows\system32\prfh0404.dat
2016-02-07 15:36 - 2013-07-27 00:27 - 00114298 _____ C:\Windows\system32\prfc0404.dat
2016-02-07 15:36 - 2013-07-27 00:26 - 00385242 _____ C:\Windows\system32\prfh0804.dat
2016-02-07 15:36 - 2013-07-27 00:26 - 00119212 _____ C:\Windows\system32\prfc0804.dat
2016-02-07 15:36 - 2013-07-27 00:24 - 00417918 _____ C:\Windows\system32\perfh011.dat
2016-02-07 15:36 - 2013-07-27 00:24 - 00121352 _____ C:\Windows\system32\perfc011.dat
2016-02-07 15:36 - 2009-07-14 00:13 - 02318010 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-07 15:36 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-07 15:35 - 2009-07-13 23:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-07 15:35 - 2009-07-13 23:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-07 15:34 - 2013-02-09 10:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-07 15:29 - 2013-01-01 12:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 15:29 - 2013-01-01 09:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-07 15:29 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-07 15:17 - 2014-12-21 11:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4057552258-2805822934-2815996333-1000UA.job
2016-02-07 15:16 - 2013-01-01 12:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-07 14:53 - 2013-05-04 09:49 - 00000000 ____D C:\Users\Jackey\AppData\Local\HTC MediaHub
2016-02-07 14:53 - 2013-01-01 20:39 - 00000000 ____D C:\Users\Jackey\AppData\Roaming\Skype
2016-02-07 14:51 - 2012-12-31 21:27 - 00001417 _____ C:\Users\Jackey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-07 14:51 - 2009-07-13 23:45 - 00416024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-07 14:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-07 14:49 - 2013-04-11 18:03 - 00000000 ____D C:\Users\Jackey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-07 14:49 - 2013-04-11 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-07 14:49 - 2013-04-11 18:03 - 00000000 ____D C:\Program Files\WinRAR
2016-02-07 14:49 - 2013-03-22 18:18 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-02-07 14:43 - 2015-12-20 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-07 14:40 - 2015-10-28 22:07 - 00000000 ____D C:\Users\Jackey\.oracle_jre_usage
2016-02-07 14:40 - 2014-09-24 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-07 14:39 - 2013-08-18 10:48 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-07 14:39 - 2013-08-18 10:48 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-07 14:36 - 2013-02-17 18:22 - 00332330 _____ C:\Windows\ntbtlog.txt
2016-02-07 14:01 - 2013-01-15 21:26 - 00000000 ____D C:\Users\Jackey\AppData\Roaming\vlc
2016-02-07 13:55 - 2015-03-08 11:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-07 12:12 - 2013-01-01 20:39 - 00000000 ____D C:\ProgramData\Skype
2016-02-07 12:09 - 2013-08-26 00:27 - 00007603 _____ C:\Users\Jackey\AppData\Local\Resmon.ResmonCfg
2016-02-07 09:11 - 2013-01-15 21:00 - 00000000 ____D C:\Users\Jackey\AppData\LocalLow\Temp
2016-02-06 19:17 - 2014-12-21 11:39 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4057552258-2805822934-2815996333-1000Core.job
2016-02-04 23:17 - 2013-01-01 12:55 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-04 23:00 - 2009-07-14 00:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-03 00:38 - 2013-12-26 13:48 - 00000000 ____D C:\Users\Jackey\AppData\Roaming\uTorrent
2016-02-02 18:33 - 2015-12-19 10:47 - 00000000 ____D C:\Users\Jackey\AppData\LocalLow\uTorrent
2016-02-02 18:11 - 2013-01-01 12:55 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 18:11 - 2013-01-01 12:55 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 19:12 - 2014-12-21 11:39 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4057552258-2805822934-2815996333-1000UA
2016-02-01 19:12 - 2014-12-21 11:39 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4057552258-2805822934-2815996333-1000Core
2016-01-30 21:48 - 2015-03-22 21:48 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-01-29 19:54 - 2014-08-24 07:19 - 00000000 ____D C:\Users\Jackey\AppData\Local\Glyph
2016-01-29 19:54 - 2014-08-24 07:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2016-01-29 19:54 - 2014-08-24 07:19 - 00000000 ____D C:\ProgramData\Glyph
2016-01-27 23:45 - 2013-06-08 09:31 - 00000000 ____D C:\Users\Jackey\AppData\Local\NVIDIA
2016-01-27 23:45 - 2013-01-01 09:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-20 19:15 - 2015-02-19 00:08 - 00000000 ____D C:\Users\Jackey\AppData\Local\Steam
2016-01-20 14:11 - 2015-12-21 00:12 - 00000000 ____D C:\Users\Jackey\Documents\Black Desert
2016-01-20 14:08 - 2013-01-01 09:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-20 10:34 - 2013-02-09 10:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 10:34 - 2013-01-08 20:26 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 10:34 - 2013-01-08 20:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-14 23:40 - 2015-11-15 13:46 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 23:40 - 2015-11-15 13:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-14 23:32 - 2014-09-25 16:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-11 23:41 - 2014-06-04 19:02 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-11 23:41 - 2013-10-28 22:38 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-11 23:40 - 2015-12-01 23:00 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-11 23:40 - 2014-06-04 19:02 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-11 23:40 - 2013-10-28 22:38 - 01860120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
 
==================== Files in the root of some directories =======
 
2014-01-16 23:08 - 2014-01-16 23:08 - 0020480 _____ () C:\Program Files (x86)\1033.MST
2015-02-19 17:56 - 2015-02-19 17:56 - 1065984 _____ () C:\Users\Jackey\AppData\Local\file__0.localstorage
2013-08-26 00:27 - 2016-02-07 12:09 - 0007603 _____ () C:\Users\Jackey\AppData\Local\Resmon.ResmonCfg
2013-01-01 09:53 - 2013-01-01 12:26 - 0008464 _____ () C:\ProgramData\log.doc
2013-01-01 09:53 - 2013-01-01 12:26 - 0001368 _____ () C:\ProgramData\updateinfo.txt
 
Some files in TEMP:
====================
C:\Users\Jackey\AppData\Local\Temp\_is45B6.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-30 13:37
 
==================== End of FRST.txt ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:14 PM

Posted 08 February 2016 - 11:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
URLSearchHook: HKLM-x32 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
Toolbar: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: @hola.org/vlc,version=1.7.298 -> C:\Users\Jackey\AppData\Local\Hola\firefox\app\vlc [2015-04-11] ()
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Jackey\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Jackey\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx <not found>
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
C:\Users\Jackey\AppData\Local\Temp\_is45B6.exe
C:\Users\Jackey\AppData\Local\Hola

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)

Please post the logs and let me know what problem persists.

#3 sojackey

Posted 08 February 2016 - 06:25 PM

Update: Google Chrome continues to show my connection as not private after the cleaning steps and hence I cannot surf the web. I do however still have an internet connection (I can still play games for example).

The main problem still persists as Kaspersky continues to "block malicious link". I can, for some reason, access bleeping computer from the infected machine.

 

 

Hi nasdaq,

Thank you so much for the quick reply!

So, I've tried the above steps and after completion, my internet would just mess up and not let me connect anywhere. Google Chrome, no matter what site I entered, warned me that my connection may not be secure and just would not let me go anywhere.

 

Even as I connect now, there are some links that would give me that error, like the Adwcleaner link you have. What I do notice is that I have Java 8 Update 65 which I will attempt to remove. However, I will post this reply first in case I don't get connection again.

 

But here is what I have below anyways on the logs:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Jackey (2016-02-08 17:56:06) Run:1
Running from D:\Downloads
Loaded Profiles: Jackey (Available Profiles: Jackey)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
URLSearchHook: HKLM-x32 - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
Toolbar: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: @hola.org/vlc,version=1.7.298 -> C:\Users\Jackey\AppData\Local\Hola\firefox\app\vlc [2015-04-11] ()
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Jackey\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Jackey\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx <not found>
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usj; \??\C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jackey\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
C:\Users\Jackey\AppData\Local\Temp\_is45B6.exe
C:\Users\Jackey\AppData\Local\Hola
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => value removed successfully
"HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. 
HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => value removed successfully
HKCR\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} => key not found. 
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\Software\MozillaPlugins\@hola.org/vlc,version=1.7.298" => key removed successfully
FF Plugin HKU\S-1-5-21-4057552258-2805822934-2815996333-1000: @hola.org/vlc,version=1.7.298 -> C:\Users\Jackey\AppData\Local\Hola\firefox\app\vlc [2015-04-11] () => not found.
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin" => key removed successfully
C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" => key removed successfully
EagleX64 => service removed successfully
hxsyol => service removed successfully
klkbdflt2 => Unable to stop service.
klkbdflt2 => service could not remove
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
usj => service removed successfully
VGPU => service removed successfully
xhunter1 => service removed successfully
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-4057552258-2805822934-2815996333-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
C:\Users\Jackey\AppData\Local\Temp\_is45B6.exe => moved successfully
C:\Users\Jackey\AppData\Local\Hola => moved successfully
EmptyTemp: => 2.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:57:21 ====
 
 
# AdwCleaner v5.033 - Logfile created 08/02/2016 at 18:04:16
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Jackey - JACKEY-PC
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Users\Jackey\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Jackey\AppData\LocalLow\PriceGong
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
[-] Key Deleted : HKCU\Software\BI
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : [x64] HKLM\SOFTWARE\Hola
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : veoh.com
[-] [C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ejpbbhjlbipncjklfjjaedaieimbmdda
[-] [C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Jackey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3266 bytes] ##########
 

Edited by sojackey, 08 February 2016 - 07:51 PM.
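
An added example, not part of the original posts and not part of FRST: a short Python triage of the Fixlog.txt result lines posted above, grouping each `target => outcome` line by result so that items the fix could not apply (here the `klkbdflt2` service) stand out. The function names are hypothetical, and the outcome keywords are taken only from the wording visible in this log, so other FRST versions may need different ones.

```python
"""Triage a Farbar Recovery Scan Tool Fixlog: group result lines by outcome."""

# Excerpt of the Fixlog posted above (a subset of its lines, copied verbatim).
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
start
CloseProcesses:
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully
C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll => not found.
EagleX64 => service removed successfully
klkbdflt2 => Unable to stop service.
klkbdflt2 => service could not remove
xhunter1 => service removed successfully
C:\Users\Jackey\AppData\Local\Temp\_is45B6.exe => moved successfully
C:\Users\Jackey\AppData\Local\Hola => moved successfully
EmptyTemp: => 2.2 GB temporary data Removed.
'''

# Outcome wording seen in this log only (assumption: other versions may differ).
# Order matters: failures are tested first, so "service could not remove"
# is never mistaken for a successful removal.
RULES = (
    ("failed", ("unable to", "could not")),
    ("not_found", ("not found",)),
    ("done", ("successfully", "removed")),
)


def classify(outcome):
    """Map the text after '=>' to failed / not_found / done / other."""
    text = outcome.lower()
    for label, needles in RULES:
        if any(needle in text for needle in needles):
            return label
    return "other"


def parse_fixlog(text):
    """Return {label: [(target, outcome), ...]} for the result lines of a Fixlog."""
    results = {}
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        # The log first echoes the fixlist between two rows of asterisks.
        # Those lines also contain '=>' ("=> No File") but are requests,
        # not results, so everything between the two rows is skipped.
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, _, outcome = line.rpartition(" => ")
        target = target.strip().strip('"')
        results.setdefault(classify(outcome), []).append((target, outcome.strip()))
    return results


def failed_targets(text):
    """Unique targets with at least one failed action, in order of appearance."""
    seen = []
    for target, _ in parse_fixlog(text).get("failed", []):
        if target not in seen:
            seen.append(target)
    return seen


if __name__ == "__main__":
    for label, items in parse_fixlog(SAMPLE_FIXLOG).items():
        print(f"{label}: {len(items)}")
    print("needs follow-up:", failed_targets(SAMPLE_FIXLOG))
```
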


#4 nasdaq

Posted 09 February 2016 - 07:21 AM

"connection may not be secure"


Try the suggested fix on this page.

https://support.google.com/chrome/answer/6098869?hl=en

#5 sojackey

Posted 12 February 2016 - 02:36 PM

Hi nasdaq,

Issue persists with the steps followed.

Decision has been made to completely wipe.

 

Still appreciate the help! Please close topic.

 

Thanks



#6 nasdaq

Posted 12 February 2016 - 03:47 PM

Good luck.

#7 nasdaq

Posted 12 February 2016 - 03:47 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



