Pop Up Software - Spyhunter


  • This topic is locked
15 replies to this topic

#1 anthonyp

anthonyp

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 02 March 2016 - 09:50 PM

When I use the internet I get the following popup... when I google the 855 number it goes to BleepingComputer hater SpyHunter... so I know this is not good.

I searched some forums but could not find something just like this....

Webroot doesn't kill it... Ad-Aware does not kill it...

I am sure you guys have a fix, I just don't know what I am looking for.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:12 AM

Posted 02 March 2016 - 10:02 PM

Greetings anthonyp and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 anthonyp

anthonyp
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:12 AM

Posted 03 March 2016 - 10:48 AM

Thanks for your help. It took forever because the ransomware kept hijacking me in the process.

I tried to upload the system file but it said error, I could not attach that type of file...

I'm not computer literate so I just tried something else.

 

 

 

# AdwCleaner v5.037 - Logfile created 03/03/2016 at 08:40:17
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : lori - LORI-PC
# Running from : C:\Users\lori\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker
[-] Folder Deleted : C:\Program Files (x86)\OneSystemCare
[-] Folder Deleted : C:\ProgramData\Essentware
[-] Folder Deleted : C:\ProgramData\05a9a0e6-1bb3-1
[-] Folder Deleted : C:\ProgramData\05a9a0e6-5273-0
[-] Folder Deleted : C:\ProgramData\d8d8e11c-1455-0
[-] Folder Deleted : C:\ProgramData\d8d8e11c-5da1-0
[-] Folder Deleted : C:\ProgramData\{05985cea-312c-0}
[-] Folder Deleted : C:\ProgramData\{0efe9a67-412c-1}
[-] Folder Deleted : C:\Users\lori\AppData\Local\Essentware
[-] Folder Deleted : C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : LaunchPreSignup
[-] Task Deleted : DNSROSEVILLE
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{990F7D4F-09EF-47DF-9ABE-BAF2DCCF5C4B}
[-] Key Deleted : HKCU\Software\darwendlm
[-] Key Deleted : HKCU\Software\Essentware
[-] Key Deleted : HKCU\Software\ICSW1.17
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Essentware
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D7EB4ECF-A9B3-4432-A071-C05F8499F23F} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{D7EB4ECF-A9B3-4432-A071-C05F8499F23F} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{D7EB4ECF-A9B3-4432-A071-C05F8499F23F} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nps.pastaleads.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pastaleads.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\re-markit.co
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markit00.re-markit.co
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PCKeeperLive]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [3782 bytes] - [03/03/2016 08:40:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [3728 bytes] - [03/03/2016 08:38:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3928 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by lori (Administrator) on Thu 03/03/2016 at  8:47:55.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 26 
 
Successfully deleted: C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal (File) 
Successfully deleted: C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage (File) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EHZYRBB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJDXU88E (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OY9TAPKY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLM12LM2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EHZYRBB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GJDXU88E (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OY9TAPKY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLM12LM2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109 (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/03/2016 at  8:50:06.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by lori (administrator) on LORI-PC (03-03-2016 08:51:51)
Running from C:\Users\lori\Downloads
Loaded Profiles: lori (Available Profiles: lori)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Ellie Mae, Inc.) C:\Program Files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-31] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-02-29] (Webroot)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Run: [BingSvc] => C:\Users\lori\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-16] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Run: [NowUSeeIt Player] => "C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe" /autostart=1
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\Root\Office15\lync.exe [24074960 2016-02-23] (Microsoft Corporation)
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2016-02-29] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2016-02-29] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2016-02-29] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2016-02-29] (Webroot)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-02-23]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.48.14.1
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{D7EB4ECF-A9B3-4432-A071-C05F8499F23F}: [DhcpNameServer] 10.48.14.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutA0C0DzytB0ByC0DyBtBtDtC0FyDtAtAtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzytAyEyByDzztGtByCzy0BtG0EtBtB0AtGtAyE0D0EtGtBzzyCtAyByEyEyCtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0DyBtAtB0EyCzztG0CzyzytAtGyEzzyCyCtGzztA0D0DtG0A0A0B0CyB0A0F0AyC0F0FtB2QtN0A0LzutB%26cr%3D1004881167%26a%3Dwncy_mdaffmarmarie_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutA0C0DzytB0ByC0DyBtBtDtC0FyDtAtAtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzytAyEyByDzztGtByCzy0BtG0EtBtB0AtGtAyE0D0EtGtBzzyCtAyByEyEyCtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0DyBtAtB0EyCzztG0CzyzytAtGyEzzyCyCtGzztA0D0DtG0A0A0B0CyB0A0F0AyC0F0FtB2QtN0A0LzutB%26cr%3D1004881167%26a%3Dwncy_mdaffmarmarie_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutA0C0DzytB0ByC0DyBtBtDtC0FyDtAtAtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzytAyEyByDzztGtByCzy0BtG0EtBtB0AtGtAyE0D0EtGtBzzyCtAyByEyEyCtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0DyBtAtB0EyCzztG0CzyzytAtGyEzzyCyCtGzztA0D0DtG0A0A0B0CyB0A0F0AyC0F0FtB2QtN0A0LzutB%26cr%3D1004881167%26a%3Dwncy_mdaffmarmarie_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutA0C0DzytB0ByC0DyBtBtDtC0FyDtAtAtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzytAyEyByDzztGtByCzy0BtG0EtBtB0AtGtAyE0D0EtGtBzzyCtAyByEyEyCtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0DyBtAtB0EyCzztG0CzyzytAtGyEzzyCyCtGzztA0D0DtG0A0A0B0CyB0A0F0AyC0F0FtB2QtN0A0LzutB%26cr%3D1004881167%26a%3Dwncy_mdaffmarmarie_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1092379027-1265070550-2546060611-1001 -> {9A7BCFED-AEF8-43BB-92A5-B4BCAC03F167} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-23] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2016-03-03] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-23] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2016-03-03] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-01-04] (Google Inc.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-23] (Webroot)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-01-04] (Google Inc.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-23] (Webroot)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-29] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1092379027-1265070550-2546060611-1001: @citrixonline.com/appdetectorplugin -> C:\Users\lori\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-23] (Citrix Online)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_02&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutA0C0DzytB0ByC0DyBtBtDtC0FyDtAtAtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzytAyEyByDzztGtByCzy0BtG0EtBtB0AtGtAyE0D0EtGtBzzyCtAyByEyEyCtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0DyBtAtB0EyCzztG0CzyzytAtGyEzzyCyCtGzztA0D0DtG0A0A0B0CyB0A0F0AyC0F0FtB2QtN0A0LzutB%26cr%3D1004881167%26a%3Dwncy_mdaffmarmarie_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_02&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutA0C0DzytB0ByC0DyBtBtDtC0FyDtAtAtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzytAyEyByDzztGtByCzy0BtG0EtBtB0AtGtAyE0D0EtGtBzzyCtAyByEyEyCtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0DyBtAtB0EyCzztG0CzyzytAtGyEzzyCyCtGzztA0D0DtG0A0A0B0CyB0A0F0AyC0F0FtB2QtN0A0LzutB%26cr%3D1004881167%26a%3Dwncy_mdaffmarmarie_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mdaffmarmarie_16_02&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutA0C0DzytB0ByC0DyBtBtDtC0FyDtAtAtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDzzzytAyEyByDzztGtByCzy0BtG0EtBtB0AtGtAyE0D0EtGtBzzyCtAyByEyEyCtCyB0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0DyBtAtB0EyCzztG0CzyzytAtGyEzzyCyCtGzztA0D0DtG0A0A0B0CyB0A0F0AyC0F0FtB2QtN0A0LzutB%26cr%3D1004881167%26a%3Dwncy_mdaffmarmarie_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-23]
CHR Extension: (Google Docs) - C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-23]
CHR Extension: (Google Drive) - C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-02]
CHR Extension: (Google Search) - C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-16]
CHR Extension: (Webroot Filtering Extension) - C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-23]
CHR Extension: (Gmail) - C:\Users\lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-23]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
R2 SCAppMgr; C:\Program Files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe [47104 2016-03-03] (Ellie Mae, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-02-29] (Webroot)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.1; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-02-23] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [45592 2016-03-03] (Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-03 08:51 - 2016-03-03 08:52 - 00028006 _____ C:\Users\lori\Downloads\FRST.txt
2016-03-03 08:51 - 2016-03-03 08:51 - 02371584 _____ (Farbar) C:\Users\lori\Downloads\FRST64.exe
2016-03-03 08:51 - 2016-03-03 08:51 - 00000000 ____D C:\FRST
2016-03-03 08:50 - 2016-03-03 08:50 - 01722368 _____ (Farbar) C:\Users\lori\Downloads\FRST.exe
2016-03-03 08:50 - 2016-03-03 08:50 - 00004818 _____ C:\Users\lori\Desktop\JRT.txt
2016-03-03 08:47 - 2016-03-03 08:47 - 01609216 _____ (Malwarebytes) C:\Users\lori\Downloads\JRT.exe
2016-03-03 08:42 - 2016-03-03 08:50 - 00000000 ____D C:\Users\lori\Desktop\virus
2016-03-03 08:38 - 2016-03-03 08:40 - 00000000 ____D C:\AdwCleaner
2016-03-03 08:38 - 2016-03-03 08:38 - 01518592 _____ C:\Users\lori\Downloads\AdwCleaner.exe
2016-03-03 08:26 - 2016-03-03 08:26 - 00966246 _____ C:\Users\lori\Downloads\AdwCleaner Setup.zip
2016-02-23 08:45 - 2016-02-23 08:45 - 00000000 ____D C:\Users\lori\AppData\Roaming\Lavasoft
2016-02-23 08:36 - 2016-03-03 08:42 - 00002335 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-02-23 08:36 - 2016-02-23 08:36 - 00000000 ____D C:\Users\lori\AppData\Roaming\LavasoftStatistics
2016-02-23 08:36 - 2016-02-23 08:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-23 08:35 - 2016-02-23 08:35 - 00000000 ____D C:\Program Files\Lavasoft
2016-02-23 08:34 - 2016-02-23 08:34 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-02-23 08:32 - 2016-02-23 08:34 - 00000000 ____D C:\Users\lori\AppData\LocalLow\LastPass
2016-02-23 08:32 - 2016-02-23 08:32 - 02085168 _____ C:\Users\lori\Downloads\Adaware_Installer.exe
2016-02-23 08:32 - 2016-02-23 08:32 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-23 08:31 - 2016-03-03 08:23 - 00045592 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2016-02-23 08:31 - 2016-02-23 08:31 - 00000000 ____D C:\Users\lori\AppData\Local\lptmp
2016-02-23 08:30 - 2016-03-03 08:42 - 00000000 ____D C:\ProgramData\WRData
2016-02-23 08:30 - 2016-02-29 09:22 - 00181688 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2016-02-23 08:30 - 2016-02-29 09:22 - 00117304 _____ (Webroot) C:\Windows\system32\WRusr.dll
2016-02-23 08:30 - 2016-02-23 08:31 - 00000000 ____D C:\Program Files\Webroot
2016-02-23 08:30 - 2016-02-23 08:30 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2016-02-23 08:30 - 2016-02-23 08:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2016-02-23 08:28 - 2016-02-23 08:29 - 00840768 _____ (Webroot) C:\Users\lori\Downloads\wsainstall.exe
2016-02-19 08:51 - 2016-02-23 08:42 - 00000000 ____D C:\ProgramData\3bad1d8
2016-02-19 08:51 - 2016-02-19 08:51 - 00003722 _____ C:\Windows\System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D}
2016-02-16 09:11 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-16 09:11 - 2016-02-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-16 09:11 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-16 09:11 - 2016-02-06 04:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-16 09:11 - 2016-02-06 04:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-16 09:11 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-16 09:11 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-16 09:11 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-16 09:11 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-16 09:11 - 2016-02-06 03:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-16 09:11 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-16 09:11 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-16 09:11 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-16 09:11 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-16 09:11 - 2016-01-22 14:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-16 09:11 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-16 09:11 - 2016-01-22 00:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-16 09:11 - 2016-01-22 00:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-16 09:11 - 2016-01-22 00:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-16 09:11 - 2016-01-22 00:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-16 09:11 - 2016-01-22 00:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-16 09:11 - 2016-01-22 00:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-16 09:11 - 2016-01-22 00:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-16 09:11 - 2016-01-22 00:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-16 09:11 - 2016-01-22 00:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-16 09:11 - 2016-01-22 00:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-16 09:11 - 2016-01-22 00:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-16 09:11 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-16 09:11 - 2016-01-22 00:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-16 09:11 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-16 09:11 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-16 09:11 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-16 09:11 - 2016-01-22 00:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-16 09:11 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-16 09:11 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-16 09:11 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-16 09:11 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-16 09:11 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-16 09:11 - 2016-01-21 23:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-16 09:11 - 2016-01-21 23:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-16 09:11 - 2016-01-21 23:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-16 09:11 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-16 09:11 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-16 09:11 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-16 09:11 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-16 09:11 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-16 09:11 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-16 09:11 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-16 09:11 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-16 09:11 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-16 09:11 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-16 09:11 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-16 09:11 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-16 09:11 - 2016-01-21 23:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-16 09:11 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-16 09:11 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-16 09:11 - 2016-01-16 13:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-16 09:11 - 2016-01-16 12:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-16 09:11 - 2016-01-11 08:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-16 09:11 - 2016-01-11 08:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-16 09:11 - 2016-01-11 08:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-16 09:11 - 2016-01-11 08:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-16 09:11 - 2016-01-11 08:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-16 09:11 - 2016-01-06 13:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-16 09:11 - 2016-01-06 13:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-16 09:11 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-16 09:10 - 2016-01-22 00:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-16 09:10 - 2016-01-22 00:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-16 09:10 - 2016-01-22 00:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-16 09:10 - 2016-01-22 00:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-16 09:10 - 2016-01-22 00:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-16 09:10 - 2016-01-22 00:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-16 09:10 - 2016-01-22 00:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-16 09:10 - 2016-01-21 23:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-16 09:10 - 2016-01-21 23:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-16 09:10 - 2016-01-21 23:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-16 09:10 - 2016-01-11 13:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-16 09:10 - 2016-01-11 13:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-16 09:10 - 2016-01-11 13:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-16 09:10 - 2016-01-11 12:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-16 09:10 - 2016-01-11 12:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-16 09:10 - 2016-01-11 12:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-16 09:10 - 2016-01-11 12:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-16 09:10 - 2016-01-11 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-16 09:10 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-16 09:10 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-16 09:10 - 2016-01-11 12:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-16 09:10 - 2016-01-11 12:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-16 09:10 - 2016-01-11 12:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-16 09:10 - 2016-01-11 12:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-16 09:10 - 2016-01-11 12:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-16 09:10 - 2016-01-11 12:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-16 09:10 - 2016-01-07 11:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-16 09:10 - 2016-01-07 11:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-16 09:10 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-16 09:10 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-16 09:10 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-16 09:09 - 2016-01-22 00:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-16 09:09 - 2016-01-22 00:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-16 09:09 - 2016-01-22 00:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-16 09:09 - 2016-01-22 00:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-16 09:09 - 2016-01-22 00:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-16 09:09 - 2016-01-22 00:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-16 09:09 - 2016-01-22 00:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-16 09:09 - 2016-01-22 00:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-16 09:09 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-16 09:09 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-16 09:09 - 2016-01-22 00:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-16 09:09 - 2016-01-22 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-16 09:09 - 2016-01-22 00:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-16 09:09 - 2016-01-22 00:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-16 09:09 - 2016-01-22 00:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-16 09:09 - 2016-01-22 00:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-16 09:09 - 2016-01-22 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-16 09:09 - 2016-01-22 00:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-16 09:09 - 2016-01-22 00:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-16 09:09 - 2016-01-22 00:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-16 09:09 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-16 09:09 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-16 09:09 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-16 09:09 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-16 09:09 - 2016-01-22 00:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-16 09:09 - 2016-01-22 00:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-16 09:09 - 2016-01-22 00:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-16 09:09 - 2016-01-22 00:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-16 09:09 - 2016-01-22 00:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-16 09:09 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-16 09:09 - 2016-01-22 00:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-16 09:09 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-16 09:09 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-16 09:09 - 2016-01-22 00:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-16 09:09 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-16 09:09 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-16 09:09 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-16 09:09 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-16 09:09 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-16 09:09 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-16 09:09 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-16 09:09 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-16 09:09 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-16 09:09 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-16 09:09 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-16 09:09 - 2016-01-21 23:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-16 09:09 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-16 09:09 - 2016-01-21 23:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-16 09:09 - 2016-01-21 22:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-16 09:09 - 2016-01-21 22:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-16 09:09 - 2016-01-21 22:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-16 09:09 - 2016-01-21 22:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-16 09:09 - 2016-01-21 22:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-16 09:09 - 2016-01-21 22:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-16 09:09 - 2016-01-21 22:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-16 09:09 - 2016-01-21 22:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-16 09:09 - 2016-01-21 22:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-16 09:09 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-16 09:09 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-16 09:09 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-16 09:09 - 2016-01-16 13:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-16 09:09 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-16 09:07 - 2016-01-22 00:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-16 09:07 - 2016-01-22 00:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-16 09:07 - 2016-01-22 00:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-16 09:07 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-16 09:07 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-16 09:07 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-16 09:07 - 2016-01-21 23:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-16 09:07 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-03 08:52 - 2009-07-13 22:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 08:52 - 2009-07-13 22:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-03 08:42 - 2015-09-23 15:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-03 08:42 - 2015-09-23 15:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-03 08:41 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-03 08:23 - 2015-11-30 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-02 08:38 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-01 14:42 - 2015-10-29 11:43 - 00000000 ____D C:\Users\lori\Desktop\PROCESSING FORMS 2
2016-02-26 08:25 - 2015-09-29 10:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 08:25 - 2015-09-29 10:42 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-25 18:06 - 2015-12-01 11:15 - 00000000 ____D C:\Users\lori\Documents\Outlook Files
2016-02-25 17:55 - 2015-10-29 11:27 - 00000000 ____D C:\Users\lori\Desktop\BORROWER FILES
2016-02-23 08:59 - 2015-10-29 11:23 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-23 08:56 - 2015-10-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-19 14:43 - 2015-09-23 15:08 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 14:43 - 2015-09-23 15:08 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 16:10 - 2015-10-29 12:45 - 00000000 _____ C:\Users\lori\Documents\PDF
2016-02-18 08:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-02-17 09:38 - 2009-07-13 23:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-17 09:38 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-02-17 09:29 - 2009-07-13 22:45 - 00437848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-17 09:26 - 2015-09-29 10:42 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-17 09:26 - 2015-09-29 10:42 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-17 09:26 - 2011-04-12 02:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-16 08:36 - 2015-11-30 15:34 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-16 08:36 - 2015-11-30 15:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-16 08:36 - 2015-11-30 15:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-05 11:55 - 2015-10-29 11:38 - 00000000 ____D C:\Users\lori\Desktop\Personal
 
Some files in TEMP:
====================
C:\Users\lori\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-29 08:29
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by lori (2016-03-03 08:52:37)
Running from C:\Users\lori\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-23 20:29:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1092379027-1265070550-2546060611-500 - Administrator - Disabled)
Guest (S-1-5-21-1092379027-1265070550-2546060611-501 - Limited - Disabled)
lori (S-1-5-21-1092379027-1265070550-2546060611-1001 - Administrator - Enabled) => C:\Users\lori
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B046F915-7A34-7D83-5494-67D8BD488538}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
Citrix Online Launcher (HKLM-x32\...\{1B1BF50E-ACE8-4481-B362-89544FB1CD4B}) (Version: 1.0.357 - Citrix)
Encompass Document Converter (HKLM\...\{A3CC2AA8-4451-4434-BDDA-2A52CCB930A7}) (Version: 7.5.0 - Ellie Mae, Inc.)
Encompass eFolder (HKLM-x32\...\{1A0EFE3C-3EE6-4326-A0F7-7E73BDABC6CA}) (Version: 2.0.2 - Ellie Mae, Inc.)
Encompass360 SmartClient (HKLM-x32\...\{3E9C4FBE-4E6C-4389-A4B3-4AE027D0BF2E}) (Version: 1.0.0 - Ellie Mae, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.1 - pdfforge)
PowerCore (HKLM-x32\...\{E48AD80C-DC03-435D-A913-007D313B027E}) (Version: 0.1 - hgonzalez)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
SmartClient Core (HKLM-x32\...\{568AEE95-B0FB-4FD9-B7E7-4C8B6A3180C9}) (Version: 1.0.0 - Ellie Mae, Inc.)
SmartClient Installation Manager (x32 Version: 1.0.0 - Ellie Mae) Hidden
ThinPrint Client Windows 10 (HKLM\...\{C23827F2-9883-4195-9D50-F81E923ED5B7}) (Version: 10.0.72 - Cortado AG)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.72 - Webroot)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {66F4B067-54A4-4CE6-B46A-BA05FDF78BB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-16] (Adobe Systems Incorporated)
Task: {703B6CE9-1AF3-4D7D-A82E-B35B9EC55BD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {77E879E3-99D0-48DD-B5D8-CF746A4DE3B3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {9A588190-316B-4135-8B19-C25B354D7911} - System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D} => /s /n /i:"/rt" "C:\PROGRA~3\3bad1d8\7a18f822.dll"
Task: {B19B9289-8F42-4577-B0AB-05E52A16B1B2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {B9591898-C059-4EC1-9CB1-2ED2B2A2B6A2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {BDC4AD67-2A7C-472F-82DA-3F86914DDCA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {D5491EA1-42D9-4090-841A-52CE1C9B3DB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {D622668C-92E9-4ED5-A3C5-715636B3E6B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {ED69FF38-59A5-41C2-9552-B46B9F10523A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-23] (Microsoft Corporation)
Task: {FEBFDFA3-B33B-4ABB-A00C-6DF3DE64E58F} - System32\Tasks\{7E0B0B47-7A09-797D-7A11-0F0E05051108} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9464 more characters).
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-29 11:19 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-28 16:44 - 2016-01-28 16:44 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 11674360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00973040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00561920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01594624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02547448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01489640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01437424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03107576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01878784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01024744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00457448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01310952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01027304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01563888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00519920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
2015-10-29 11:25 - 2015-10-29 11:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-29 11:21 - 2015-10-29 11:24 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-02-19 14:43 - 2016-02-17 22:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 14:43 - 2016-02-17 22:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-02-19 14:43 - 2016-02-17 22:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\...\sharepoint.com -> hxxps://highlandsloans.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lori\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.48.14.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{5BDE62C1-C7FA-497F-ACE0-DF27A0BA3EB8}C:\users\lori\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\lori\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{EC8F4D3D-8473-4015-915D-DD06B59BEA93}C:\users\lori\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\lori\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{7CB5C37F-C1C5-4D75-92CB-E9866895DD91}C:\users\lori\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\lori\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{91BB9AF9-494F-41A3-867A-EC62008858DC}C:\users\lori\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\lori\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{0499B9CB-F2C2-42E7-9ACE-9CD10271BB85}C:\users\lori\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\lori\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{51632830-956B-4422-AFC2-0CCF40811949}C:\users\lori\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\lori\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [{B9363207-FC62-43C3-AB43-C6E34060F593}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{27F7137C-E1A5-4D73-A6B8-244B2321877C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{BDA1CAF6-606B-44B5-B469-AB67AC8DA9BC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E0B139F3-C020-468B-B142-F4CBF3020A13}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{0A6C7403-A459-41D5-99B9-591DB30B2891}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{56457BCC-B632-4D3C-BC54-9DCF53402519}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
23-02-2016 08:30:32 Windows Update
23-02-2016 08:32:46 AA11
26-02-2016 08:24:23 Windows Update
01-03-2016 09:02:54 Windows Update
03-03-2016 08:47:57 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2016 08:43:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2016 08:43:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/03/2016 08:32:07 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/02/2016 06:54:23 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/02/2016 03:14:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (03/01/2016 12:06:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2016 12:05:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/01/2016 09:22:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (03/01/2016 09:00:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.11095.1000, time stamp: 0x569045d3
Faulting module name: aeinv.dll, version: 10.0.11095.1000, time stamp: 0x569a91dc
Exception code: 0xc0000005
Fault offset: 0x0000000000017b43
Faulting process id: 0xdbc
Faulting application start time: 0xCompatTelRunner.exe0
Faulting application path: CompatTelRunner.exe1
Faulting module path: CompatTelRunner.exe2
Report Id: CompatTelRunner.exe3
 
Error: (02/29/2016 02:59:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (03/03/2016 08:40:46 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/03/2016 08:40:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/03/2016 08:40:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/03/2016 08:40:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/03/2016 08:40:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/03/2016 08:40:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/03/2016 08:40:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/03/2016 08:40:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/03/2016 08:40:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/03/2016 08:40:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 B24 Processor
Percentage of memory in use: 38%
Total physical RAM: 3583.39 MB
Available physical RAM: 2195.23 MB
Total Virtual: 7164.99 MB
Available Virtual: 5299.65 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:140.67 GB) (Free:94.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 1DA28292)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=140.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=27)
 
==================== End of Addition.txt ============================
 

 




#4 Oh My!


Posted 03 March 2016 - 02:47 PM

Greetings,

Thank you for the information. Do you recognize these?

Israel Tel Aviv Xglobe Online Ltd
sharepoint.com


Please do this.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove Ad-Aware Antivirus, AdAwareInstaller, and AdAwareUpdater. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Run: [] => [X]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
U0 SR; no ImagePath
U2 srservice; no ImagePath
2016-02-19 08:51 - 2016-02-23 08:42 - 00000000 ____D C:\ProgramData\3bad1d8
2016-02-19 08:51 - 2016-02-19 08:51 - 00003722 _____ C:\Windows\System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D}
Task: {9A588190-316B-4135-8B19-C25B354D7911} - System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D} => /s /n /i:"/rt" "C:\PROGRA~3\3bad1d8\7a18f822.dll"
C:\Program Files\Lavasoft\Ad-Aware Antivirus
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize items?
  • Did Ad-Aware uninstall?
  • Fixlog
  • Update on computer performance

Gary
 

#5 anthonyp


Posted 03 March 2016 - 04:21 PM

uninstalled adaware

Still got hijacked...

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by lori (2016-03-03 15:16:06) Run:1
Running from C:\Users\lori\Downloads
Loaded Profiles: lori (Available Profiles: lori)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [] => [X]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common
Files\wruninstall.exe (No File)
U0 SR; no ImagePath
U2 srservice; no ImagePath
2016-02-19 08:51 - 2016-02-23 08:42 - 00000000 ____D C:\ProgramData\3bad1d8
2016-02-19 08:51 - 2016-02-19 08:51 - 00003722 _____
C:\Windows\System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D}
Task: {9A588190-316B-4135-8B19-C25B354D7911} -
System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D} => /s /n /i:"/rt"
"C:\PROGRA~3\3bad1d8\7a18f822.dll"
C:\Program Files\Lavasoft\Ad-Aware Antivirus
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\.exe:
exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\exefile:
"%1" %* <===== ATTENTION
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
C:\Program Files (x86)\Common Files\wruninstall.exe => not found.
SR => service removed successfully
srservice => service removed successfully
C:\ProgramData\3bad1d8 => moved successfully
"2016-02-19 08:51 - 2016-02-19 08:51 - 00003722 _____" => not found.
C:\Windows\System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D} => moved
successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A5
88190-316B-4135-8B19-C25B354D7911}"
=> key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A5
88190-316B-4135-8B19-C25B354D7911}"
=> key removed successfully
C:\Windows\System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BCA0
7B9D-1597-F332-1DE1-D8D877E9F06D}"
=> key removed successfully
"C:\Program Files\Lavasoft\Ad-Aware Antivirus" => not found.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found.
"HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\exefile" =>
key removed successfully
"HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\.exe" =>
key removed successfully
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\exefile =>
key not found.

==== End of Fixlog 15:16:09 ==== 
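
Added example (not part of the thread and not FRST's own code): a small Python parser for the Fixlog format pasted above. It assumes the 80-column hard wrap visible in the paste, rejoins the split lines, and lists entries reported "not found" that were never moved or removed elsewhere in the log; the function names and the sample subset are constructed for this illustration.

```python
import re

WRAP_WIDTH = 80  # assumption: the paste was hard-wrapped at 80 columns

# Constructed sample: result lines copied from the Fixlog in this thread,
# with the pasted line breaks kept as they appear.
SAMPLE_FIXLOG = r'''
C:\Program Files (x86)\Common Files\wruninstall.exe => not found.
C:\ProgramData\3bad1d8 => moved successfully
"2016-02-19 08:51 - 2016-02-19 08:51 - 00003722 _____" => not found.
C:\Windows\System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D} => moved
successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A5
88190-316B-4135-8B19-C25B354D7911}"
=> key removed successfully
C:\Windows\System32\Tasks\{BCA07B9D-1597-F332-1DE1-D8D877E9F06D} => not found.
"HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\exefile" =>
key removed successfully
HKU\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Classes\exefile =>
key not found.
'''

# A complete result record is "<target> => <outcome>", where the outcome ends
# in "successfully" or "not found" (optionally followed by a period).
RESULT_RE = re.compile(
    r'^(?P<target>.+?)\s*=>\s*(?P<outcome>.*(?:successfully|not found)\.?)$'
)


def unwrap(text, width=WRAP_WIDTH):
    """Rejoin hard-wrapped physical lines into logical result records."""
    records, buf, prev_len = [], "", 0
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if not buf:
            buf = line
        elif prev_len == width:
            buf += line        # previous line was cut mid-token at the wrap column
        else:
            buf += " " + line  # previous line was broken at a space
        prev_len = len(line)
        if RESULT_RE.match(buf):
            records.append(buf)
            buf = ""
    if buf:
        records.append(buf)    # incomplete trailing record, kept for review
    return records


def parse_fixlog(text):
    """Return (target, status, outcome) tuples; status is changed/absent/unparsed."""
    results = []
    for rec in unwrap(text):
        m = RESULT_RE.match(rec)
        if not m:
            results.append((rec, "unparsed", ""))
            continue
        target = m.group("target").strip('"')
        outcome = m.group("outcome").rstrip(".")
        status = "changed" if outcome.endswith("successfully") else "absent"
        results.append((target, status, outcome))
    return results


def needs_review(results):
    """Targets never moved or removed anywhere in the log (case-insensitive)."""
    changed = {t.lower() for t, s, _ in results if s == "changed"}
    return [t for t, s, _ in results if s != "changed" and t.lower() not in changed]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for target, status, outcome in parsed:
        print(f"{status:8} {outcome:26} {target}")
    print("review:", needs_review(parsed))
```

On this sample the review list holds the missing wruninstall.exe shortcut target and the date/size fragment, which the log shows was processed as an entry of its own, separate from the task path that follows it in the fixlist content.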



#6 Oh My!


Posted 03 March 2016 - 08:37 PM

Thank you.

Which browser(s) does this happen with?

Please do this.

===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:

Do a Deep Scan
Auto Clean

  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. You can also locate it in your C:\ directory. Copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Browsers?
  • Zoek report
  • RogueKiller log

Gary
 

#7 Oh My!


Posted 06 March 2016 - 10:05 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#8 anthonyp


Posted 07 March 2016 - 09:18 AM

Sorry, I thought I had responded.

I am using both Google and Explorer; it happens on both.

RogueKiller V11.0.14.0 [Feb 29 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : lori [Administrator]
Started from : C:\Users\lori\Downloads\RogueKiller.exe
Mode : Delete -- Date : 03/04/2016 09:47:17
 
¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] SCAppMgr.exe(5684) -- C:\Program Files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe[-] -> Killed [TermProc]
 
¤¤¤ Registry : 9 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\pdfforge -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1092379027-1265070550-2546060611-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.48.14.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.48.14.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.48.14.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D7EB4ECF-A9B3-4432-A071-C05F8499F23F} | DhcpNameServer : 10.48.14.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D7EB4ECF-A9B3-4432-A071-C05F8499F23F} | DhcpNameServer : 10.48.14.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D7EB4ECF-A9B3-4432-A071-C05F8499F23F} | DhcpNameServer : 10.48.14.1 ([X])  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3160318AS ATA Device +++++
--- User ---
[MBR] fd4786db7cafd4815d0c8ec0c0f6ed58
[BSP] 5b7390a7d530f8d2fe33f71484642ab0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 144043 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 295718912 | Size: 8192 MB
User = LL1 ... OK
User = LL2 ... OK
 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by lori on Fri 03/04/2016 at  8:45:35.98.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\lori\Downloads\zoek.exe [Scan all users]  [Checkboxes used]
 
===== Runcheck  9:48:01.26 =====
 
--- Create Environment Variables  9:48:03.76 
--- Create System Restore Point  9:48:13.68 
--- Checking Input  9:48:31.80 
--- AU AppData Check  9:49:21.26 
--- Remove From Windows Installer  9:49:24.50 
--- Empty Folders Check  9:54:13.03 
--- Registry HKLM Software Check  9:54:13.13 
--- Quick Launch Shortcut Check  9:54:50.31 
--- IE Startpage Check  9:55:58.47 
--- Program Files DB Check  9:59:00.71 
--- C:\Users\Default\AppData\Roaming DB Check 10:03:01.69 
--- C:\Users\Default User\AppData\Roaming DB Check 10:03:01.69 
--- C:\Users\lori\AppData\Roaming DB Check 10:03:01.69 
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 10:03:01.69 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 10:03:01.69 
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 10:03:01.69 
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 10:03:01.69 
--- C:\Users\lori DB Check 10:18:42.31 
--- C:\PROGRA~3 DB Check 10:20:37.18 
--- C:\Users\Default\AppData\Local DB Check 10:22:06.18 
--- C:\Users\Default User\AppData\Local DB Check 10:22:06.18 
--- C:\Users\lori\AppData\Local DB Check 10:22:06.18 
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 10:22:06.18 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 10:22:06.18 
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 10:22:06.18 
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 10:22:06.18 
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 10:34:42.31 
--- C:\Users\lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 10:36:08.81 
--- Tasks DB Check 10:37:04.35 
--- Downloads DB Check 10:37:40.62 
--- C:\Users\Default\AppData\LocalLow DB Check 10:38:14.39 
--- C:\Users\Default User\AppData\LocalLow DB Check 10:38:14.39 
--- C:\Users\lori\AppData\LocalLow DB Check 10:38:14.39 
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 10:38:14.39 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 10:38:14.39 
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 10:38:14.39 
--- Tasks2 DB Check 10:46:40.43 
--- Documents DB Check 10:51:34.61 
--- C:\Users\Public\Desktop DB Check 10:52:48.45 
--- C:\Users\lori\Desktop DB Check 10:53:39.41 
--- Services DB Check 10:55:11.50 
--- FF prefs.js DB Check 11:00:23.20 
--- Del by CLSID 11:00:33.87 
--- Processes 11:04:55.31 
--- Delete Services 11:04:59.01 
--- Delete files\folders 11:05:23.86 
--- Create Backups 11:05:25.64 
--- System Specs 11:06:08.66 
--- Recently Created 11:06:49.04 
--- StartUp Information 11:10:31.25 
--- Firefox Extensions 11:12:46.39 
--- Chrome Look 11:13:06.66 
--- Create Backups 11:18:20.64 
--- Chrome Fix 11:18:27.04 
--- IEdefaults 11:18:27.82 
--- Del from Uninstall List 11:22:29.65 
 
 


#9 Oh My!


Posted 07 March 2016 - 01:27 PM

Thank you,

Let's test this before changing anything else.

===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the windows key + r on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Check the browser behavior
===================================================

Launching Internet Explorer Without Add-ons

----------
  • Press the windows key + r on your keyboard at the same time
  • Type iexplore.exe -extoff then press Enter
  • Check the browser behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Browser behavior?

Gary
 

#10 anthonyp


Posted 08 March 2016 - 08:32 AM

It appears to be ok...

I will work on it today and see if something bad happens



#11 Oh My!


Posted 08 March 2016 - 02:56 PM

If it works fine as modified and still doesn't work when the browser is launched normally I would like you to do this.

===================================================

Manually Troubleshooting Google Chrome Plug-ins and Extensions

--------------------
  • Launch Chrome normally
  • In the address bar type chrome://plugins and press Enter
  • Click Disable on all plugins
  • Enable one plugin at a time, restart Chrome and check the performance
  • In the address bar type chrome://extensions and press Enter
  • Uncheck any checked items
  • Enable one extension at a time, restart Chrome and check the performance
  • Identify and report any plugins or extensions causing problems
===================================================

Manually Troubleshooting Internet Explorer Add-Ons

-------------------
  • Launch Internet Explorer
  • Click Tools, then Manage add-ons
  • Disable each add-on by right clicking on any enabled add-on and selecting Disable
  • Enable an add-on one at a time, close Internet Explorer then relaunch it
  • Check to see if the performance changes with the newly enabled add-on
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
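An added example, not part of Gary's post or any BleepingComputer tool: a read-only inventory of the Chrome extensions installed in a profile, listing first those that can run on every site, so the one-at-a-time test in post #11 can start with the likeliest sources of injected pop-ups. It assumes Chrome's usual on-disk layout (on Windows, `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`); the function names are hypothetical and the two sample manifests are constructed.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension read or alter every page the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def inventory_extensions(extensions_dir):
    """List each unpacked extension under a Chrome profile's Extensions folder.

    Assumed layout: <extensions_dir>/<extension id>/<version>/manifest.json
    """
    rows = []
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the folder
        hosts = set()
        for key in ("permissions", "host_permissions"):
            hosts.update(p for p in data.get(key, []) if isinstance(p, str))
        for script in data.get("content_scripts", []):
            hosts.update(script.get("matches", []))
        rows.append({
            "id": manifest.parent.parent.name,
            "version": manifest.parent.name,
            "name": data.get("name", "(unreadable manifest)"),
            "all_sites": bool(hosts & BROAD),
        })
    # Extensions with access to every site come first: test those first.
    return sorted(rows, key=lambda r: (not r["all_sites"], r["name"]))

def build_sample_profile(root):
    """Constructed sample data: two made-up extensions, not from the thread."""
    samples = {
        "a" * 32: {"name": "Sample Coupon Helper",
                   "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}]},
        "b" * 32: {"name": "Sample Notes", "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in inventory_extensions(build_sample_profile(tmp)):
            print(row)
```

Point `inventory_extensions` at the real Extensions folder to use it; a name shown as `__MSG_...__` is a localized placeholder, so match that entry by its id on chrome://extensions instead.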
 

#12 anthonyp


Posted 09 March 2016 - 09:22 AM

I will work on it today and see how the performance is



#13 Oh My!


Posted 09 March 2016 - 10:44 AM

Thank you.
Gary
 

#14 Oh My!


Posted 11 March 2016 - 06:44 PM

How are we doing?


Gary
 

#15 Oh My!


Posted 12 March 2016 - 09:04 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 



