Hadsruda!bit


22 replies to this topic

#1 JeriSama


Posted 17 June 2016 - 02:50 AM

Hello,

 

Not sure exactly if I am doing this correctly; MS Security Essentials tells me that I have a detected item - Program:Win32/Hadsruda!bit and I am not exactly sure how to get rid of it.  I have tried removing it and quarantining it and both to no avail.  I am having a slow-down issue with my computer since my friend borrowed it and I am afraid that he's tried to dl a lot of crap that weren't really programs.  I also cannot seem to upgrade to Windows 10.  If someone could help me through the steps to rectify these problems it would be appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by New User (administrator) on JERISAMA-PC (16-06-2016 14:25:44)
Running from C:\Users\New User\Downloads\Desktop
Loaded Profiles: New User (Available Profiles: New User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\windows\System32\GWX\GWX.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\New User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Users\New User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [894048 2013-01-11] (Conexant Systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [Google Update] => C:\Users\New User\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [3EEACF25A3A34117C559996B7D8760AD66AA92BB._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-03] (Google Inc.)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [Spotify Web Helper] => C:\Users\New User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-08-01] (Spotify Ltd)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [Zoom] => [X]
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [Facebook Update] => C:\Users\New User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-08] (Facebook Inc.)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [Connectivity Fixer] => C:\Program Files (x86)\Badosoft\Connectivity Fixer\Connectivity Fixer.exe [2100896 2013-10-07] (Badosoft)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [MusicManager] => C:\Users\New User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [Dropbox Update] => C:\Users\New User\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-13] (Dropbox, Inc.)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\MountPoints2: {c7707f76-5a8c-11e5-abf3-00038a000015} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\MountPoints2: {c7708078-5a8c-11e5-abf3-00038a000015} - E:\Windows\AutoRun.exe
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\NEWUSE~1\DOWNLO~1\Desktop\dds.scr
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\New User\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
BootExecute: dfboottime \??\C:\windows\System32\dfboottime.cfgautocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4D212A25-9A31-4C6E-B8D6-229B29B2CBB6}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{5BC8C55B-9E9F-43CD-A572-1FF6E7F12CBC}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-sw__alt__ddc_dsssyc_bd_com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fstart.toshiba.com&OSP=
HKU\S-1-5-21-3917243199-554470053-2731875590-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
SearchScopes: HKLM -> OldSearch URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {206B0E61-D998-4957-917E-912C2DF3B633} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-sw__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM-x32 -> {206B0E61-D998-4957-917E-912C2DF3B633} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D907D19D-6A81-4774-9AFF-C790B0C5C570} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3917243199-554470053-2731875590-1000 -> OldSearch URL = 
SearchScopes: HKU\S-1-5-21-3917243199-554470053-2731875590-1000 -> {0A525978-B1E2-4998-AE7B-D143EDA5177E} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-3917243199-554470053-2731875590-1000 -> {5DA706DD-FEC7-485C-836E-0F757801EEB0} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS492
SearchScopes: HKU\S-1-5-21-3917243199-554470053-2731875590-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-3917243199-554470053-2731875590-1000 -> {A48F0BD4-00E1-4568-BFBC-3C85687C2088} URL = hxxp://www.bing.com/search?FORM=BD18DF&PC=BD18&dt=091313&q={searchTerms}&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-13] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-13] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-17] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-13] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-13] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-13] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-06-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3917243199-554470053-2731875590-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\New User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3917243199-554470053-2731875590-1000: @sun.com/npsopluginmi;version=1.0 -> C:\Program Files (x86)\OpenOffice.org 3\program [No File]
FF Plugin HKU\S-1-5-21-3917243199-554470053-2731875590-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\New User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3917243199-554470053-2731875590-1000: @talk.google.com/O1DPlugin -> C:\Users\New User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3917243199-554470053-2731875590-1000: @tools.google.com/Google Update;version=3 -> C:\Users\New User\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-3917243199-554470053-2731875590-1000: @tools.google.com/Google Update;version=9 -> C:\Users\New User\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-3917243199-554470053-2731875590-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\New User\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-02-12] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3917243199-554470053-2731875590-1000: facebook.com/fbDesktopPlugin -> C:\Users\New User\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\New User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\New User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-03-29] [not signed]
FF HKU\S-1-5-21-3917243199-554470053-2731875590-1000\...\Firefox\Extensions: [sp@sp.com] - C:\Program Files (x86)\Social Privacy\FF => not found
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://daycalc.appspot.com/09/22/2012","hxxp://www.gmail.com/","hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11411&pf=V7&trgb=CR&p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_35.0.1916.153&apn_uid=72F953BF-113E-46A7-84EE-733BF68F1F49&itbv=12.15.1.20&doi=2014-07-27&psv=&pt=tb","hxxp://google.com/","hxxp://www.trovi.com/?gd=&ctid=CT3324803&octid=EB_ORIGINAL_CTID&ISID=MA9B1F09D-C72D-4F69-8012-C4E1F6AEF924&SearchSource=55&CUI=&UM=8&UP=SP4ECA6549-E0F1-480A-BD08-30C8C7BC627B&D=031615&SSPV="
CHR Session Restore: Profile 1 -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\pdf.dll => No File
CHR Plugin: (iCloud Control Panel) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\win-x32/AppleChromeDAV.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.6) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Desktop) - C:\Users\New User\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\New User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\New User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\New User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\New User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Zoom Launcher) - C:\Users\New User\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-15]
CHR Extension: (Fotor Photo Editor) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-09-20]
CHR Extension: (iCloud) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2014-09-20]
CHR Extension: (Video Downloader professional) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-09-20]
CHR Extension: (iCloud Bookmarks) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-09-20]
CHR Extension: (PDF Mergy) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-09-20]
CHR Extension: (Skype Click to Call) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-15]
CHR Profile: C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Downloads) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-09-27]
CHR Extension: (Dislike button for Facebook) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\anjnlnfmhgbmfdemkbknebhfjfahhfki [2015-11-03]
CHR Extension: (Google Drive) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Webpage Screenshot) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bdfnieppndfdhcgbmhfdlgdjegclkomk [2015-08-03]
CHR Extension: (Fotor Photo Editor) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2015-03-28]
CHR Extension: (iCloud) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2015-03-28]
CHR Extension: (Slinky Elegant) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-03-28]
CHR Extension: (Facebook) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-03-28]
CHR Extension: (Advanced Font Settings) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2015-03-28]
CHR Extension: (Adblock Plus) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-13]
CHR Extension: (Spotify - Music for every moment) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-03-28]
CHR Extension: (Surveillance Cam Professional( Security Cam)) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cpcnbefekficgbfoibedacpkahdfijoe [2015-03-28]
CHR Extension: (Gmail™ Notifier) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2016-06-13]
CHR Extension: (MyWebFace) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcmcdoaknaojppeomaejlbjbpgocdhok [2016-06-13]
CHR Extension: (Facebook Unseen) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmdhkalcecemojegheiohcghkamlipof [2015-03-28]
CHR Extension: (Gmail Offline Sync Optimizer) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dncjnngcblhgeeocnhmmihpanahkjbmi [2015-07-20]
CHR Extension: (Gmail Offline) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-03-28]
CHR Extension: (Add Email Signature - WiseStamp) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjjniaenghhbffhplhdcipdgidbajdp [2016-06-13]
CHR Extension: (Video Downloader professional) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-03-28]
CHR Extension: (Brilliant) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eommhbliilafdkodaijeejngbjiiaccl [2015-03-28]
CHR Extension: (iCloud Bookmarks) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-31]
CHR Extension: (PhotoLive - Download Facebook Photos!) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fpjnpabklnaaifclgealaepelncljadk [2015-03-28]
CHR Extension: (Facebook for Chrome) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2015-08-30]
CHR Extension: (PDFescape Free PDF Editor) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdefoklganepljiopdnglodohlgfikkl [2015-03-28]
CHR Extension: (Google Docs Offline) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (Camera) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hfhhnacclhffhdffklopdkcgdhifgngh [2016-06-13]
CHR Extension: (PDF Mergy) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2015-03-28]
CHR Extension: (Auto Refresh) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2015-07-20]
CHR Extension: (Photon - Facebook Photo Editor) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihhdcjefkafghalpbdjebmfnjbgfgkpo [2015-07-20]
CHR Extension: (PDFescape) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ioombffmiompnnfbajkmmghjaleclnjo [2015-03-28]
CHR Extension: (Facebook Platinum) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfodbocncpdocjdknjadipkgbbagld [2015-03-28]
CHR Extension: (Google Voice (by Google)) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-03-28]
CHR Extension: (Start - A Better New Tab) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgifkabikplflflabkllnpidlbjjpgbp [2015-07-20]
CHR Extension: (PictureMate - View hidden pictures) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khmlalkcjmglpgdkmkmmgjcajahkoigj [2015-09-13]
CHR Extension: (Google Hangouts) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-06-16]
CHR Extension: (Photo Hack for Facebook) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfolibbobnddfcjbjnfiikjgdefiejpl [2015-07-20]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2015-03-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-28]
CHR Extension: (Facebook Email Signature - By WiseStamp) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mddbjkchhjpknjmkmkifidnpdnecmbjn [2015-03-28]
CHR Extension: (Enhancements for Gmail) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgdnblnolcinnndenjnollpiplgkbjcn [2015-12-26]
CHR Extension: (Google Hangouts) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-13]
CHR Extension: (Video Chat FlirtyMania) - C:\Users\New User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oiaahapngnjijjgplpikimpaepddnfae [2015-03-28]
CHR HKU\S-1-5-21-3917243199-554470053-2731875590-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\NEWUSE~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-03-17]
CHR HKU\S-1-5-21-3917243199-554470053-2731875590-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3917243199-554470053-2731875590-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbofibgamhkgoonaocfgemncghhadmgb] - C:\Users\New User\AppData\Local\CRE\pbofibgamhkgoonaocfgemncghhadmgb.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\NEWUSE~1\AppData\Local\Temp\7zS3B22\hpslpsvc64.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S1 DMICall; C:\Windows\SysWOW64\DRIVERS\DMICall.sys [3888 2000-02-23] (Sony Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
S3 KC02US_bus; C:\Windows\System32\DRIVERS\KC02US_bus.sys [58864 2013-05-09] (KYOCERA Corporation)
S3 KC02US_mdm; C:\Windows\System32\DRIVERS\KC02US_mdm.sys [90264 2013-05-09] (KYOCERA Corporation)
S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
S3 androidusb; System32\Drivers\androidusb.sys [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
S3 wanatw; system32\DRIVERS\wanatw64.sys [X]
S3 zghsdiag; system32\DRIVERS\zghsdiag.sys [X]
S3 zghsmdm; system32\DRIVERS\zghsmdm.sys [X]
S3 zghsnmea; system32\DRIVERS\zghsnmea.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-16 14:01 - 2016-06-16 14:02 - 00000004 _____ C:\windows\msoffice.ini
2016-06-16 13:50 - 2016-06-16 13:50 - 00000000 ____D C:\Users\New User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-06-16 13:50 - 2016-06-16 13:50 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-06-14 11:48 - 2016-06-06 06:58 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-06-14 11:48 - 2016-06-06 06:50 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-06-14 11:48 - 2016-06-03 03:05 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-06-14 11:48 - 2016-05-27 03:06 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-06-14 11:48 - 2016-05-27 03:06 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-06-14 11:48 - 2016-05-27 03:06 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-06-14 11:48 - 2016-05-27 03:06 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-06-14 11:48 - 2016-05-22 03:06 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-06-14 11:48 - 2016-05-13 12:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-06-14 11:48 - 2016-05-13 12:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-06-14 11:48 - 2016-05-13 12:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-06-14 11:48 - 2016-05-13 12:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-06-14 11:48 - 2016-05-13 12:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-06-14 11:48 - 2016-05-13 11:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-06-14 11:48 - 2016-05-13 11:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-06-14 11:48 - 2016-05-13 11:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-06-14 11:48 - 2016-05-13 11:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-06-14 11:48 - 2016-05-13 11:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-06-14 11:48 - 2016-05-12 07:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-14 11:48 - 2016-05-12 07:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-14 11:48 - 2016-05-12 07:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-14 11:48 - 2016-05-12 07:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-14 11:48 - 2016-05-12 07:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-14 11:48 - 2016-05-12 07:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-14 11:48 - 2016-05-12 07:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-14 11:48 - 2016-05-12 07:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-14 11:48 - 2016-05-12 05:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-06-14 11:48 - 2016-05-12 05:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-14 11:48 - 2016-05-12 05:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-14 11:48 - 2016-05-12 04:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-14 11:48 - 2016-05-12 04:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-14 11:48 - 2016-05-12 04:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-14 11:48 - 2016-05-12 04:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-14 11:48 - 2016-05-12 04:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-14 11:48 - 2016-05-12 04:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-14 11:48 - 2016-05-12 04:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-14 11:48 - 2016-05-12 04:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-14 11:48 - 2016-05-12 04:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-14 11:48 - 2016-05-12 03:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-14 11:48 - 2016-05-12 03:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-14 11:48 - 2016-05-12 03:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-14 11:48 - 2016-05-11 07:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-14 11:48 - 2016-05-11 07:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-14 11:48 - 2016-05-11 07:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-14 11:48 - 2016-05-11 07:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-14 11:48 - 2016-05-11 05:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-14 11:48 - 2016-05-11 05:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-06-14 11:48 - 2016-05-11 05:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-14 11:48 - 2016-05-11 04:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-14 11:47 - 2016-05-20 11:57 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-06-14 11:47 - 2016-05-20 11:48 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-06-14 11:47 - 2016-05-18 06:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-14 11:47 - 2016-05-18 06:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-14 11:47 - 2016-05-12 07:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-06-14 11:47 - 2016-05-12 07:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-14 11:47 - 2016-05-12 07:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-14 11:47 - 2016-05-12 07:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-14 11:47 - 2016-05-12 07:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-14 11:47 - 2016-05-12 07:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-14 11:47 - 2016-05-12 05:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-14 11:47 - 2016-05-12 05:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-14 11:47 - 2016-05-12 05:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-06-14 11:47 - 2016-05-12 05:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 11:47 - 2016-05-11 05:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-14 11:47 - 2016-05-11 05:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-06-14 11:47 - 2016-05-11 05:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-06-14 11:47 - 2016-04-14 06:46 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-14 11:47 - 2016-04-14 06:42 - 03243520 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-14 11:47 - 2016-04-14 06:42 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-14 11:47 - 2016-04-14 06:42 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-14 11:47 - 2016-04-14 06:42 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-14 11:47 - 2016-04-14 06:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-14 11:47 - 2016-04-14 05:33 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-14 11:47 - 2016-04-14 05:33 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-14 11:47 - 2016-04-14 05:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-14 11:47 - 2016-04-14 05:33 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-14 11:47 - 2016-04-14 05:19 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-14 11:47 - 2016-04-14 05:11 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-06-14 11:47 - 2016-04-08 20:58 - 14186496 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-06-14 11:47 - 2016-04-08 20:57 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-06-14 11:47 - 2016-04-08 20:54 - 12881408 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-06-14 11:47 - 2016-04-08 20:54 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-06-14 11:47 - 2016-04-08 19:53 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-06-14 11:47 - 2016-04-08 19:44 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-06-14 11:47 - 2016-03-09 09:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-06-14 11:47 - 2016-03-09 08:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-06-14 11:46 - 2016-05-23 13:37 - 00394960 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-14 11:46 - 2016-05-23 12:54 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-06-14 11:46 - 2016-05-21 07:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-14 11:46 - 2016-05-21 06:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-14 11:46 - 2016-05-20 12:27 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-06-14 11:46 - 2016-05-20 12:27 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-06-14 11:46 - 2016-05-20 12:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-06-14 11:46 - 2016-05-20 12:10 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-06-14 11:46 - 2016-05-20 12:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-14 11:46 - 2016-05-20 12:09 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-06-14 11:46 - 2016-05-20 12:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-06-14 11:46 - 2016-05-20 12:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-14 11:46 - 2016-05-20 12:08 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-06-14 11:46 - 2016-05-20 12:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-14 11:46 - 2016-05-20 12:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-06-14 11:46 - 2016-05-20 11:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-06-14 11:46 - 2016-05-20 11:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-14 11:46 - 2016-05-20 11:57 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-06-14 11:46 - 2016-05-20 11:56 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-06-14 11:46 - 2016-05-20 11:56 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-06-14 11:46 - 2016-05-20 11:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-14 11:46 - 2016-05-20 11:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-14 11:46 - 2016-05-20 11:54 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-06-14 11:46 - 2016-05-20 11:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-06-14 11:46 - 2016-05-20 11:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-06-14 11:46 - 2016-05-20 11:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-14 11:46 - 2016-05-20 11:49 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-06-14 11:46 - 2016-05-20 11:45 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-06-14 11:46 - 2016-05-20 11:45 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-06-14 11:46 - 2016-05-20 11:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-14 11:46 - 2016-05-20 11:44 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-06-14 11:46 - 2016-05-20 11:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-06-14 11:46 - 2016-05-20 11:41 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-06-14 11:46 - 2016-05-20 11:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-06-14 11:46 - 2016-05-20 11:33 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-14 11:46 - 2016-05-20 11:32 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-06-14 11:46 - 2016-05-20 11:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-14 11:46 - 2016-05-20 11:28 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-06-14 11:46 - 2016-05-20 11:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-14 11:46 - 2016-05-20 11:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-14 11:46 - 2016-05-20 11:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-06-14 11:46 - 2016-05-20 11:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-14 11:46 - 2016-05-20 11:23 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-06-14 11:46 - 2016-05-20 11:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-06-14 11:46 - 2016-05-20 11:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-06-14 11:46 - 2016-05-20 11:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-14 11:46 - 2016-05-20 11:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-06-14 11:46 - 2016-05-20 11:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-14 11:46 - 2016-05-20 11:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-14 11:46 - 2016-05-20 11:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-14 11:46 - 2016-05-20 11:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-14 11:46 - 2016-05-20 11:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-06-14 11:46 - 2016-05-20 11:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-14 11:46 - 2016-05-20 11:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-14 11:46 - 2016-05-20 11:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-14 11:46 - 2016-05-20 11:07 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-06-14 11:46 - 2016-05-20 11:07 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-06-14 11:46 - 2016-05-20 11:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-14 11:46 - 2016-05-20 10:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-14 11:46 - 2016-05-20 10:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-14 11:46 - 2016-05-20 10:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-14 11:46 - 2016-05-20 10:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-14 11:46 - 2016-05-20 10:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-14 11:46 - 2016-05-20 10:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-14 10:10 - 2016-06-14 11:10 - 19942080 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-14 07:57 - 2011-12-18 18:12 - 00708968 ____N (Hewlett-Packard Co.) C:\windows\system32\HPDiscoPM6412.dll
2016-06-13 12:53 - 2015-11-13 13:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-06-13 12:53 - 2015-11-13 13:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-06-13 12:53 - 2015-11-13 13:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-06-13 12:53 - 2015-11-13 12:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-06-13 12:53 - 2015-11-13 12:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-06-13 12:53 - 2015-11-13 12:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-06-13 12:52 - 2016-03-17 12:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-06-13 12:52 - 2016-03-17 12:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-06-13 12:52 - 2016-03-16 08:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-06-13 12:52 - 2016-03-16 08:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-06-13 12:52 - 2016-03-16 08:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-06-13 12:52 - 2016-03-06 08:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-06-13 12:52 - 2016-03-06 08:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-06-13 12:52 - 2016-03-06 08:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-06-13 12:52 - 2016-03-06 08:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-06-13 12:52 - 2016-02-02 08:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-06-13 12:52 - 2016-01-20 14:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-06-13 12:52 - 2015-11-19 04:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-06-13 12:52 - 2015-11-19 04:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-06-13 12:51 - 2016-04-14 03:49 - 00603648 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-06-13 12:51 - 2016-04-14 03:21 - 00647680 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-06-13 12:51 - 2016-04-08 21:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-06-13 12:51 - 2016-04-08 21:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-06-13 12:51 - 2016-04-08 20:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-06-13 12:51 - 2016-03-23 04:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-06-13 12:51 - 2016-03-15 14:16 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-06-13 12:51 - 2016-03-15 14:16 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-06-13 12:51 - 2016-03-15 13:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-06-13 12:51 - 2016-02-12 08:52 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-06-13 12:51 - 2016-02-12 08:52 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-06-13 12:51 - 2016-02-12 08:52 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-06-13 12:51 - 2016-02-12 08:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-06-13 12:51 - 2016-02-12 08:39 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-06-13 12:51 - 2016-02-12 08:22 - 02610688 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-06-13 12:51 - 2016-02-12 08:19 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-06-13 12:51 - 2016-02-12 08:18 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-06-13 12:51 - 2016-02-12 08:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-06-13 12:51 - 2016-02-12 08:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-06-13 12:51 - 2016-02-12 08:18 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-06-13 12:51 - 2016-02-12 08:18 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-06-13 12:51 - 2016-02-12 08:06 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-06-13 12:51 - 2016-02-12 08:05 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-06-13 12:51 - 2016-02-12 08:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-06-13 12:51 - 2016-02-12 08:05 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-06-13 12:51 - 2016-02-05 08:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-06-13 12:51 - 2016-02-05 08:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-06-13 12:51 - 2016-02-05 07:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-06-13 12:51 - 2016-02-04 15:19 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-06-13 12:51 - 2016-02-04 08:41 - 00296448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-06-13 12:51 - 2016-02-03 08:58 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-06-13 12:51 - 2016-02-03 08:52 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-06-13 12:51 - 2016-02-03 08:49 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-06-13 12:51 - 2016-02-03 08:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-06-13 12:51 - 2016-02-03 08:07 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-06-13 12:51 - 2016-01-11 09:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-06-13 12:51 - 2016-01-07 07:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-06-13 12:51 - 2015-12-08 11:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-06-13 12:51 - 2015-12-08 11:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-06-13 12:51 - 2015-12-08 11:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-06-13 12:51 - 2015-12-08 11:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-06-13 12:51 - 2015-12-08 11:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-06-13 12:51 - 2015-12-08 11:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-06-13 12:51 - 2015-12-08 11:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-06-13 12:51 - 2015-12-08 11:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-06-13 12:51 - 2015-12-08 11:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-06-13 12:51 - 2015-12-08 11:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-06-13 12:51 - 2015-12-08 11:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-06-13 12:51 - 2015-12-08 11:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-06-13 12:51 - 2015-12-08 11:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-06-13 12:51 - 2015-12-08 11:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-06-13 12:51 - 2015-12-08 11:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-06-13 12:51 - 2015-12-08 11:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-06-13 12:51 - 2015-12-08 11:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-06-13 12:51 - 2015-12-08 11:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-06-13 12:51 - 2015-12-08 11:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-06-13 12:51 - 2015-12-08 11:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-06-13 12:51 - 2015-12-08 11:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-06-13 12:51 - 2015-12-08 11:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-06-13 12:51 - 2015-12-08 11:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-06-13 12:51 - 2015-12-08 11:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-06-13 12:51 - 2015-12-08 11:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-06-13 12:51 - 2015-12-08 11:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-06-13 12:51 - 2015-12-08 11:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-06-13 12:51 - 2015-12-08 11:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-06-13 12:51 - 2015-12-08 11:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-06-13 12:51 - 2015-12-08 11:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-06-13 12:51 - 2015-12-08 11:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 01393152 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-06-13 12:51 - 2015-12-08 09:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-06-13 12:51 - 2015-12-08 09:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-06-13 12:51 - 2015-12-08 09:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-06-13 12:51 - 2015-06-03 10:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-06-13 12:50 - 2016-02-08 23:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-06-13 12:50 - 2016-01-21 20:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-06-13 12:50 - 2016-01-21 20:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-06-13 12:50 - 2016-01-21 20:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-06-13 12:50 - 2016-01-21 20:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-06-13 12:50 - 2015-12-08 11:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-06-13 12:50 - 2015-12-08 11:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-06-13 12:50 - 2015-12-08 11:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-06-13 12:50 - 2015-12-08 11:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-06-13 12:50 - 2015-12-08 11:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-06-13 12:50 - 2015-12-08 09:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-06-13 12:50 - 2015-12-08 09:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-06-13 12:50 - 2015-12-08 09:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-06-13 12:50 - 2015-12-08 09:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-06-13 12:50 - 2015-12-08 09:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-06-13 12:50 - 2015-12-08 08:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-06-13 12:50 - 2015-12-08 08:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-06-13 12:50 - 2015-12-08 08:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-06-13 12:49 - 2016-04-06 05:27 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-06-13 12:49 - 2016-03-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-06-13 12:49 - 2016-03-09 08:34 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-06-13 12:49 - 2016-02-08 23:57 - 14634496 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-06-13 12:49 - 2016-02-08 23:57 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-06-13 12:49 - 2016-02-08 23:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-06-13 12:49 - 2016-02-08 23:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-06-13 12:49 - 2016-02-08 23:54 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-06-13 12:49 - 2016-02-08 23:51 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-06-13 12:49 - 2016-02-08 23:51 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-06-13 12:49 - 2016-02-08 23:13 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-06-13 12:49 - 2016-02-08 23:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-06-13 12:49 - 2016-02-08 23:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-06-13 12:48 - 2016-04-08 21:02 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-06-13 12:48 - 2016-04-08 21:01 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-06-13 12:48 - 2016-04-08 21:01 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-06-13 12:48 - 2016-04-08 20:59 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-06-13 12:48 - 2016-04-08 20:59 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-06-13 12:48 - 2016-04-08 20:59 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-06-13 12:48 - 2016-04-08 20:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-06-13 12:48 - 2016-04-08 20:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-06-13 12:48 - 2016-04-08 20:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-06-13 12:48 - 2016-04-08 20:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-06-13 12:48 - 2016-04-08 20:58 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-06-13 12:48 - 2016-04-08 20:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-06-13 12:48 - 2016-04-08 20:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-13 12:48 - 2016-04-08 20:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-13 10:10 - 2016-06-13 10:10 - 00000000 ____D C:\Users\New User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-16 14:25 - 2015-03-16 09:34 - 00000000 ____D C:\FRST
2016-06-16 14:23 - 2012-08-07 21:10 - 00000940 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3917243199-554470053-2731875590-1000UA.job
2016-06-16 14:23 - 2012-08-07 21:10 - 00000918 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3917243199-554470053-2731875590-1000Core.job
2016-06-16 14:14 - 2009-07-13 18:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-16 14:14 - 2009-07-13 18:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-16 14:10 - 2012-07-10 11:24 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-06-16 14:10 - 2012-03-01 09:39 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-16 14:08 - 2015-03-17 19:32 - 00000000 ___RD C:\Users\New User\Google Drive
2016-06-16 14:08 - 2014-09-20 03:27 - 00000000 ___RD C:\Users\New User\iCloudDrive
2016-06-16 14:06 - 2012-03-01 09:39 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-16 14:06 - 2009-07-13 19:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-16 14:04 - 2013-04-07 14:41 - 00000000 ____D C:\Users\New User\AppData\Local\AOL
2016-06-16 14:03 - 2012-12-16 19:43 - 00000000 ____D C:\Users\New User\AppData\Roaming\AOL
2016-06-16 14:03 - 2012-12-16 19:38 - 00000000 ____D C:\ProgramData\AOL
2016-06-16 14:02 - 2012-12-16 19:42 - 00000000 ____D C:\Users\Public\Documents\AOL Downloads
2016-06-16 14:01 - 2012-12-16 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2016-06-16 13:43 - 2015-09-13 22:38 - 00000930 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3917243199-554470053-2731875590-1000UA.job
2016-06-16 13:43 - 2015-03-15 22:13 - 00000000 ____D C:\Users\New User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-06-16 13:40 - 2015-02-17 23:09 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917243199-554470053-2731875590-1000UA.job
2016-06-16 10:40 - 2012-08-13 11:27 - 00000868 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3917243199-554470053-2731875590-1000Core.job
2016-06-16 07:06 - 2009-07-13 19:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-16 07:06 - 2009-07-13 17:20 - 00000000 ____D C:\windows\inf
2016-06-15 22:48 - 2015-09-13 22:38 - 00000878 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3917243199-554470053-2731875590-1000Core.job
2016-06-15 10:40 - 2010-11-20 17:27 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-14 15:41 - 2009-07-13 18:45 - 00296400 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-14 15:38 - 2015-07-25 17:34 - 00000000 ____D C:\windows\system32\appraiser
2016-06-14 15:36 - 2013-08-15 21:33 - 00000000 ____D C:\windows\system32\MRT
2016-06-14 15:21 - 2012-07-10 12:39 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-14 11:11 - 2012-07-10 11:24 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 11:11 - 2012-07-10 11:24 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-06-14 11:11 - 2011-11-02 20:12 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-14 08:48 - 2012-08-04 01:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-14 08:02 - 2012-11-30 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-14 08:02 - 2012-11-30 07:47 - 00000000 ____D C:\Program Files\HP
2016-06-14 07:59 - 2012-11-30 07:43 - 00000000 ____D C:\Program Files (x86)\HP
2016-06-14 07:59 - 2012-11-30 07:41 - 00000000 ____D C:\ProgramData\HP
2016-06-14 07:53 - 2015-04-06 06:19 - 00000000 ____D C:\Users\New User\AppData\Local\Deployment
2016-06-14 07:47 - 2014-08-29 09:45 - 00000000 __SHD C:\Users\New User\AppData\Local\EmieUserList
2016-06-14 07:47 - 2014-08-29 09:45 - 00000000 __SHD C:\Users\New User\AppData\Local\EmieSiteList
2016-06-14 07:46 - 2014-09-10 09:36 - 00000000 __SHD C:\Users\New User\AppData\LocalLow\EmieUserList
2016-06-14 07:46 - 2014-08-29 09:40 - 00000000 __SHD C:\Users\New User\AppData\LocalLow\EmieSiteList
2016-06-14 07:21 - 2013-01-05 14:29 - 00000000 ____D C:\Temp
2016-06-14 06:56 - 2013-04-09 12:46 - 00000000 ___RD C:\Users\New User\Dropbox
2016-06-14 03:20 - 2014-07-27 18:58 - 00000418 _____ C:\windows\Tasks\Defraggler Volume C Task.job
2016-06-13 19:45 - 2009-07-13 17:20 - 00000000 ____D C:\windows\rescache
2016-06-13 18:18 - 2015-02-21 16:22 - 00000000 ____D C:\Users\New User\Documents\Correspondence
2016-06-13 14:45 - 2015-04-04 06:12 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-06-13 14:45 - 2015-04-04 06:12 - 00000000 ___SD C:\windows\system32\GWX
2016-06-13 14:45 - 2014-05-18 13:21 - 00000000 ___SD C:\windows\system32\CompatTel
2016-06-13 14:44 - 2010-11-20 21:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-13 14:15 - 2013-03-14 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-13 14:14 - 2013-03-14 11:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-13 14:14 - 2013-03-14 11:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-13 13:45 - 2012-07-10 11:29 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-13 13:45 - 2012-07-10 11:29 - 00001945 _____ C:\windows\epplauncher.mif
2016-06-13 13:44 - 2012-07-10 11:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-13 13:44 - 2012-07-10 11:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-06-13 12:42 - 2013-06-18 08:28 - 00000000 ____D C:\Users\New User\AppData\Roaming\vlc
2016-06-13 12:28 - 2015-07-25 17:48 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-06-13 12:27 - 2015-12-26 20:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-13 10:55 - 2013-04-07 15:10 - 00000000 ____D C:\Users\New User\AppData\Roaming\Apple Computer
2016-06-13 10:35 - 2015-02-17 23:09 - 00003896 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3917243199-554470053-2731875590-1000UA
2016-06-13 10:35 - 2012-08-13 11:27 - 00003500 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3917243199-554470053-2731875590-1000Core
2016-06-13 10:13 - 2012-09-22 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-06-13 10:11 - 2015-09-13 22:38 - 00000000 ____D C:\Users\New User\AppData\Local\Dropbox
2016-06-13 10:11 - 2012-11-20 07:46 - 00000000 ____D C:\Users\New User\AppData\Roaming\Dropbox
2016-06-13 10:05 - 2012-03-01 09:39 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-13 10:05 - 2012-03-01 09:39 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2013-01-05 14:36 - 2013-01-05 14:35 - 0003584 _____ () C:\Program Files\1033.MST
2013-01-05 14:36 - 2013-01-05 14:35 - 32268288 _____ () C:\Program Files\MOTOROLA MEDIA LINK.msi
2015-07-13 23:06 - 2015-07-13 23:06 - 6420480 _____ () C:\Program Files (x86)\GUT6991.tmp
2013-01-11 15:13 - 2013-01-11 15:13 - 0022464 _____ (Intel Corporation) C:\Users\New User\AppData\Roaming\JomCap.dll
2015-10-21 16:29 - 2015-10-21 16:29 - 0018653 _____ () C:\Users\New User\AppData\Roaming\UserTile.png
2014-06-19 15:14 - 2015-03-02 15:17 - 0000126 _____ () C:\Users\New User\AppData\Roaming\WB.CFG
2015-07-22 20:39 - 2015-07-22 20:39 - 0000000 ____H () C:\Users\New User\AppData\Local\BIT425.tmp
2014-09-11 20:46 - 2015-03-17 01:58 - 0003584 _____ () C:\Users\New User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-07 14:41 - 2014-09-29 10:46 - 0007604 _____ () C:\Users\New User\AppData\Local\Resmon.ResmonCfg
2015-07-22 20:38 - 2015-07-22 20:38 - 0000000 _____ () C:\Users\New User\AppData\Local\{CECB54E3-CC5D-492E-B762-3FC7F804EE8F}
2013-09-04 10:54 - 2013-09-04 10:54 - 0000000 _____ () C:\ProgramData\222c213d3c333429442337_c
2012-11-30 07:47 - 2012-11-30 07:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-08-07 08:49 - 2012-08-07 08:49 - 4608000 _____ () C:\ProgramData\ReadOnlyInstaller.msi
 
Some files in TEMP:
====================
C:\Users\New User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgg0wez.dll
C:\Users\New User\AppData\Local\Temp\uninst.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-13 19:36
 
==================== End of FRST.txt ============================

Edited by JeriSama, 17 June 2016 - 10:29 PM.



#2 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • Gender:Male
  • Location:@localhost
  • Local time:06:02 AM

Posted 19 June 2016 - 06:59 AM

hi,

 

We will get some tools that you can run and go from there. Most likely any malware is a separate issue from not being able to update to W10.

Usually only on the site once or twice per day, so you may not get a response back from me until the following day.

 

1) AdwCleaner

 

Please download adwcleaner and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2) Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.


How Can I Reduce My Risk to Malware?


#3 JeriSama

JeriSama
  • Topic Starter

  • Members
  • 14 posts
  • Gender:Male
  • Location:Wai'anae, Hawai'i
  • Local time:01:02 AM

Posted 19 June 2016 - 04:43 PM

# AdwCleaner v5.200 - Logfile created 19/06/2016 at 08:48:00
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-19.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : New User - JERISAMA-PC
# Running from : C:\Users\New User\Downloads\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\windows\SysWOW64\mjcm
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Fast Free Converter
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\New User\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\New User\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
[-] Folder Deleted : C:\windows\SysNative\tprb
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File Deleted : C:\windows\fastboot.exe
[-] File Deleted : C:\windows\adb.exe
[#] File Deleted : C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bakijjialdiiboeaknfpmflphhmljfkd
[-] File Deleted : C:\Users\New User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\PricePeep
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\SavingsApp
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\S-1-5-19\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key Deleted : HKU\S-1-5-19\Software\Browser
[-] Key Deleted : HKU\S-1-5-20\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
[-] Key Deleted : HKU\S-1-5-20\Software\Browser
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{206B0E61-D998-4957-917E-912C2DF3B633}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SearchProtectAll
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dataup
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [12952 bytes] - [19/06/2016 08:48:00]
C:\AdwCleaner\AdwCleaner[R0].txt - [26035 bytes] - [27/07/2014 10:26:07]
C:\AdwCleaner\AdwCleaner[R1].txt - [3108 bytes] - [10/10/2014 11:13:08]
C:\AdwCleaner\AdwCleaner[R2].txt - [13620 bytes] - [03/08/2015 23:07:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [24153 bytes] - [27/07/2014 10:28:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [16882 bytes] - [10/10/2014 11:14:44]
C:\AdwCleaner\AdwCleaner[S2].txt - [13162 bytes] - [03/08/2015 23:09:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13469 bytes] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/19/2016
Scan Time: 9:43 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.06.19.05
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: New User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406700
Time Elapsed: 1 hr, 32 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 20
PUP.Optional.DefaultTab, HKU\S-1-5-21-3917243199-554470053-2731875590-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [4d84e41a247572c40fae3c4b0df5867a], 
PUP.Optional.MixiDJ, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C0C2693D-2EE8-47B4-9DF7-B67A0EE31988}, Quarantined, [21b0de2038618ea860e5672381819f61], 
PUP.Optional.MixiDJ, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C0C2693D-2EE8-47B4-9DF7-B67A0EE31988}, Quarantined, [21b0de2038618ea860e5672381819f61], 


#4 JeriSama


Posted 19 June 2016 - 04:45 PM

Thank you for taking the time to help me and I really appreciate this.

 

I also wanted to let you know that Microsoft Security Essentials is still popping up with a notification that the original Hadsruda!bit is still coming up detected.

 

JeriSama


Edited by JeriSama, 19 June 2016 - 04:46 PM.


#5 shelf life

shelf life

  • Malware Response Team
  • 2,682 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:02 AM

Posted 19 June 2016 - 06:12 PM

OK, you're welcome. Looks like you had quite a bit of PUP-type stuff installed. Does MSE provide the path to the file? Could you physically locate the file? Could be a false positive.


How Can I Reduce My Risk to Malware?


#6 JeriSama


Posted 19 June 2016 - 06:23 PM

Unsure as to how to read it, because I did a search for win32 and couldn't find the folder (then too, I'm not sure if I'm reading it correctly).
 
Attached is a screen shot of the window that pops up.
 
Jer




#7 JeriSama


Posted 19 June 2016 - 06:37 PM

Here is the MSE Window in more detail; apparently it is located in a FRST quarantined folder?  

 

The status that you see it at is where it freezes and I can never move forward.  Please help.

 

Jer




#8 shelf life


Posted 19 June 2016 - 06:47 PM

Is MSE up to date? Appears to be a false positive. I didn't read all the threads; it goes several pages deep. You might be able to add an exception in the software to ignore it. You can also do an online scan if you want another opinion.

http://www.eset.co.uk/Antivirus-Utilities/Online-Scanner#

Easiest to use IE; other browsers require a special download.

Topic link:

http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/why-is-defender-telling-me-i-have-hadsrudabit/44feea2a-a5a6-437a-b527-f689a7a61c67?page=2


Edited by shelf life, 19 June 2016 - 06:51 PM.



#9 JeriSama


Posted 19 June 2016 - 07:09 PM

I went into MSE and removed all quarantined items and all possible threats and there seems to be no problems now.

 

Now about upgrading to W10, what do you suggest I do?

 

Jer



#10 JeriSama


Posted 19 June 2016 - 07:14 PM

I take that back; I just got another MSE notification that it's still there. How do I go about making that exception that you were talking about?



#11 shelf life


Posted 19 June 2016 - 07:24 PM

In one of your screenshots it says: Select an Action. Is there an option in there, or maybe in the settings tab in the main MSE window?




#12 JeriSama


Posted 19 June 2016 - 07:38 PM

Yes, the choices are REMOVE, QUARANTINE or ALLOW.

 

I've tried removing it, and I have tried quarantining it, but the notifications keep coming up. I am wary about just allowing it. I've gone to the Microsoft website and the specific name of this medium threat is specifically Win32/Hadsruda!bit, if that makes any difference. Additionally, the Microsoft website tells me that MSE should remove it, but mine does not.

 

I got my info from 

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Program%3aWin32%2fHadsruda!bit&threatid=213971&enterprise=0


Edited by JeriSama, 19 June 2016 - 07:39 PM.


#13 shelf life


Posted 19 June 2016 - 08:13 PM

MBAM didn't flag it. To get confirmation on it that it may be real, and not a false positive, you should do the ESET online scan and take note of what it removes. I will find out if there's a way to ignore the finding in MSE so it stops annoying you, if it is really a false positive.

You can also run JRT.exe, since you had a lot of what it targets (PUPs).

I won't be back on this site for 16 hrs or so. Hang in there.

 

Please download Junkware Removal Tool to your desktop.

http://thisisudax.org/downloads/JRT.exe

  • Double click the icon or Right click for Vista/W7,8 and select Run as administrator
  • The tool will open and start scanning.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message




#14 JeriSama


Posted 19 June 2016 - 09:00 PM

Thank you for all your help; I am running the ESET online scan and the JRT as we speak and will convene with you tomorrow afternoon Hawai'i time.

 

Jer 



#15 JeriSama


Posted 20 June 2016 - 02:18 AM

ESET Online Scan:

 

(The first three in red were not deleted)

 

C:\ProgramData\InstallMate\{19355D02-0E24-4300-B23F-EC963C772066}\_Setupx.dll a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\All Users\InstallMate\{19355D02-0E24-4300-B23F-EC963C772066}\_Setupx.dll a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\New User\AppData\Roaming\uTorrent\updates\3.3.1_30017.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
 
C:\FRST\Quarantine\C\Users\New User\AppData\Local\nsr5816.tmp.xBAD Win32/VOPackage.BC potentially unwanted application deleted
C:\FRST\Quarantine\C\Users\New User\AppData\Local\nsu3D9F.tmp.xBAD Win32/VOPackage.BC potentially unwanted application deleted
C:\FRST\Quarantine\C\Users\New User\AppData\Local\gmsd_us_265\Download\majmp_gentleeeuu.exe multiple threats cleaned by deleting (after the next restart)
C:\FRST\Quarantine\C\Users\New User\AppData\Local\SmartWeb\SmartWebApp.exe a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\New User\AppData\Local\SmartWeb\swhk.dll a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting
C:\FRST\Quarantine\C\Users\New User\AppData\Local\SmartWeb\__u.exe a variant of Win32/PriceGong.C potentially unwanted application deleted
C:\FRST\Quarantine\C\Users\New User\AppData\Roaming\9B45D880-1425313884-11E1-93C8-047D7B6646C7\Uninstall.exe Win32/Adware.ConvertAd.BS application cleaned by deleting
C:\FRST\Quarantine\C\Users\New User\AppData\Roaming\9B45D880-1425313884-11E1-93C8-047D7B6646C7\vnsoEDEB.tmp a variant of Win32/Adware.ConvertAd.KZ.gen application cleaned by deleting
C:\FRST\Quarantine\C\windows\rcore.exe.xBAD a variant of Win32/Agent.WGA trojan cleaned by deleting
C:\FRST\Quarantine\C\windows\SysWOW64\BDL.dll.xBAD a variant of Win32/Packed.Komodia.A suspicious application cleaned by deleting
 
 
 
JRT.txt
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64 
Ran by New User (Administrator) on Sun 06/19/2016 at 21:03:18.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 29 
 
Successfully deleted: C:\ProgramData\Start Menu\Programs\pluto tv (Folder) 
Successfully deleted: C:\Users\New User\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Program Files (x86)\GUT6991.tmp (File) 
Successfully deleted: C:\Users\New User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IQON8U3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\New User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JLYRQXS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\New User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KL3Q0UJZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\New User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2HJKGTR (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IQON8U3 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JLYRQXS (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KL3Q0UJZ (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2HJKGTR (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\SysWOW64\sho14A8.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho15B3.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho1832.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho1870.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho2190.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho4D74.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho58AA.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho6885.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho7DC8.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho9C3A.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoA083.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoAC1A.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoBDD5.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoC36E.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoC90C.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoD07.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoD0BE.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoD3D3.tmp (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/19/2016 at 21:06:18.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 




