Slowed down and firefox homepage change


  • This topic is locked
10 replies to this topic

#1 KBEAST

KBEAST

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 17 September 2016 - 12:58 PM

Hi,

Even though my homepage is set to Google, it starts with something like start-page.pw and I can't trace it to remove this.

Initial boot-up takes like up to 5 min now, and sometimes my internet connection errors and says it has been reset and blocks Google and some of the public websites.

I do notice some slowness when I browse too.

This all happened when I attempted to download this software. I removed it, but some things are still left behind.

Thanks for the help.




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:12 AM

Posted 18 September 2016 - 08:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know what problems persist.

#3 KBEAST

KBEAST
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Local time:01:12 AM

Posted 19 September 2016 - 01:13 PM

Hi,

 

Firefox now shows file:///C:/PROGRA~2/MOZILL~1/ as homepage.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/19/2016
Scan Time: 1:04 AM
Logfile: History.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.19.02
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 405409
Time Elapsed: 17 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe, 4524, , [06f8343f72286acce052a79b9968b34d]

Modules: 1
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\MPLSettings.dll, , [d7276e057624ec4a22f415ae3ec5d12f],

Registry Keys: 2
PUP.Optional.MalwareProtection, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MalwareProtectionLive, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.Spigot, HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E994CF24-35CF-48C6-A406-28BD3EED07C0}, , [d42a5b185644e84e43edb0066a99659b],

Registry Values: 2
PUP.Optional.MalwareProtection, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MalwareProtectionLive, C:\Users\John\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe, , [06f8343f72286acce052a79b9968b34d]
PUP.Optional.Spigot, HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E994CF24-35CF-48C6-A406-28BD3EED07C0}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=756901&p={searchTerms}, , [d42a5b185644e84e43edb0066a99659b]

Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo.com/?type=756901&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo.com/?type=756901&fr=spigot-yhp-ie),,[d628ed86554570c67cc75e1a02021de3]

Folders: 4
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\quarantine, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.Wajam.Gen, C:\Program Files\e956632dc27a5fc4fd8240e1ad55eb98\4bc50d4d32cfdddb881a944c69e20fa0, , [639bb8bbd5c5290dd9d918dc24df5fa1],
PUP.Optional.Wajam.Gen, C:\Program Files\e956632dc27a5fc4fd8240e1ad55eb98, , [639bb8bbd5c5290dd9d918dc24df5fa1],

Files: 27
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe, , [06f8343f72286acce052a79b9968b34d],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\MalwareProtectionClient.exe.config, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\certificates, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\certificates_filter, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\domains, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\DotNetCheck.exe, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\DotNetCheck.exe.config, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\extensions, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\extensions_filter, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\log.txt, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\MPLSettings.dll, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\uninstall.exe, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Local\MalwareProtectionLive\userinfo.dat, , [d7276e057624ec4a22f415ae3ec5d12f],
PUP.Optional.MalwareProtection, C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk, , [f20c5c174a501a1c9582b2114cb7b44c],
PUP.Optional.Wajam.Gen, C:\Program Files\e956632dc27a5fc4fd8240e1ad55eb98\4bc50d4d32cfdddb881a944c69e20fa0\cee62a2e5bc8bacd983cea6e6ef2dde2.ico, , [639bb8bbd5c5290dd9d918dc24df5fa1],
PUP.Optional.Wajam.Gen, C:\Program Files\e956632dc27a5fc4fd8240e1ad55eb98\4bc50d4d32cfdddb881a944c69e20fa0\f36a8e8af673a7a087c41ae3b7a79ce0.ico, , [639bb8bbd5c5290dd9d918dc24df5fa1],
PUP.Optional.Wajam.Gen, C:\Program Files\e956632dc27a5fc4fd8240e1ad55eb98\4bc50d4d32cfdddb881a944c69e20fa0\f614849563429443c0e0d11c25c5baea.ico, , [639bb8bbd5c5290dd9d918dc24df5fa1],
PUP.Optional.Wajam.Gen, C:\Program Files\e956632dc27a5fc4fd8240e1ad55eb98\6378c074949e3c750742cac6f29d7817.exe, , [639bb8bbd5c5290dd9d918dc24df5fa1],
PUP.Optional.Wajam.Gen, C:\Program Files\e956632dc27a5fc4fd8240e1ad55eb98\d716f55a24327f3c9e80c9778f33974c.exe, , [639bb8bbd5c5290dd9d918dc24df5fa1],
PUP.Optional.Wajam.Gen, C:\Program Files\e956632dc27a5fc4fd8240e1ad55eb98\e00c509ece146783ef7fc19fb188d95e, , [639bb8bbd5c5290dd9d918dc24df5fa1],
PUP.Optional.Wajam.Gen, C:\Program Files\e956632dc27a5fc4fd8240e1ad55eb98\f614849563429443c0e0d11c25c5baea.ico, , [639bb8bbd5c5290dd9d918dc24df5fa1],
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Google\Chrome\Application\chrome.bat, Good: (), Bad: (http://start-page.pw"), ,[7688cba8dac00f272b96118ef1138f71]
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Internet Explorer\iexplore.bat, Good: (), Bad: (http://start-page.pw"), ,[08f6502301994cea43800a95a75d7888]
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\firefox.bat, Good: (), Bad: (http://start-page.pw"), ,[fa04e3903367c5716361d6c9768e38c8]
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files\Internet Explorer\iexplore.bat, Good: (), Bad: (http://start-page.pw"), ,[a5595e15cad06cca576c039c06fe29d7]
PUP.Optional.Spigot, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vnv45oie.default-1453785202500\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=756901&p=");), ,[c23c2f44a9f13402e967a9f016eef30d]
PUP.Optional.Spigot, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vnv45oie.default-1453785202500\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "https://search.yahoo.com/?type=756901&fr=spigot-), ,[03fbabc88e0c50e680e0bde23cc8ec14]

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

# AdwCleaner v6.020 - Logfile created 19/09/2016 at 13:31:24
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-19.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" -  "hxxps://search.yahoo.com/?type=756901&fr=spigot-yhp-ff www.google.com"
[-] Chrome preferences cleaned: "keyword.URL" -  "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=756901&p="
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C10].txt - [3396 Bytes] - [02/01/2016 11:51:35]
C:\AdwCleaner\AdwCleaner[C11].txt - [2939 Bytes] - [07/08/2016 13:13:44]
C:\AdwCleaner\AdwCleaner[C12].txt - [2984 Bytes] - [03/09/2016 16:06:56]
C:\AdwCleaner\AdwCleaner[C13].txt - [3132 Bytes] - [07/09/2016 22:27:36]
C:\AdwCleaner\AdwCleaner[C14].txt - [3280 Bytes] - [10/09/2016 10:53:58]
C:\AdwCleaner\AdwCleaner[C15].txt - [5233 Bytes] - [17/09/2016 12:34:31]
C:\AdwCleaner\AdwCleaner[C16].txt - [1687 Bytes] - [19/09/2016 13:31:24]
C:\AdwCleaner\AdwCleaner[C1].txt - [2706 Bytes] - [27/03/2016 00:50:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [2456 Bytes] - [06/04/2016 11:14:55]
C:\AdwCleaner\AdwCleaner[C3].txt - [3296 Bytes] - [17/04/2016 15:20:12]
C:\AdwCleaner\AdwCleaner[C4].txt - [6912 Bytes] - [15/10/2015 00:01:17]
C:\AdwCleaner\AdwCleaner[C5].txt - [3580 Bytes] - [21/10/2015 21:17:15]
C:\AdwCleaner\AdwCleaner[C6].txt - [5009 Bytes] - [03/11/2015 00:32:22]
C:\AdwCleaner\AdwCleaner[C7].txt - [3603 Bytes] - [10/12/2015 23:36:04]
C:\AdwCleaner\AdwCleaner[C8].txt - [3392 Bytes] - [17/12/2015 23:48:38]
C:\AdwCleaner\AdwCleaner[C9].txt - [3392 Bytes] - [28/12/2015 13:19:38]
C:\AdwCleaner\AdwCleaner[R0].txt - [2298 Bytes] - [03/01/2014 21:21:40]
C:\AdwCleaner\AdwCleaner[R1].txt - [7472 Bytes] - [31/05/2014 11:34:32]
C:\AdwCleaner\AdwCleaner[R2].txt - [1017 Bytes] - [07/06/2014 17:52:55]
C:\AdwCleaner\AdwCleaner[S0].txt - [2403 Bytes] - [03/01/2014 21:23:19]
C:\AdwCleaner\AdwCleaner[S10].txt - [3214 Bytes] - [28/12/2015 13:16:38]
C:\AdwCleaner\AdwCleaner[S11].txt - [3428 Bytes] - [02/01/2016 11:45:35]
C:\AdwCleaner\AdwCleaner[S12].txt - [3204 Bytes] - [03/09/2016 16:06:43]
C:\AdwCleaner\AdwCleaner[S13].txt - [3352 Bytes] - [07/09/2016 22:27:05]
C:\AdwCleaner\AdwCleaner[S14].txt - [3500 Bytes] - [10/09/2016 10:51:08]
C:\AdwCleaner\AdwCleaner[S15].txt - [5027 Bytes] - [17/09/2016 12:33:41]
C:\AdwCleaner\AdwCleaner[S16].txt - [4190 Bytes] - [19/09/2016 13:30:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [9753 Bytes] - [31/05/2014 11:42:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [3373 Bytes] - [07/06/2014 17:54:11]
C:\AdwCleaner\AdwCleaner[S3].txt - [3098 Bytes] - [17/04/2016 13:19:20]
C:\AdwCleaner\AdwCleaner[S4].txt - [6515 Bytes] - [14/10/2015 23:59:49]
C:\AdwCleaner\AdwCleaner[S5].txt - [3414 Bytes] - [21/10/2015 21:16:16]
C:\AdwCleaner\AdwCleaner[S6].txt - [4745 Bytes] - [03/11/2015 00:27:06]
C:\AdwCleaner\AdwCleaner[S7].txt - [3199 Bytes] - [25/11/2015 11:51:46]
C:\AdwCleaner\AdwCleaner[S8].txt - [3420 Bytes] - [10/12/2015 19:46:02]
C:\AdwCleaner\AdwCleaner[S9].txt - [3212 Bytes] - [17/12/2015 23:46:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C16].txt - [3885 Bytes] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2016
Ran by John (administrator) on JOHN-PC (19-09-2016 14:04:16)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25347616 2016-09-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-2116333086-45548962-528574141-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-2116333086-45548962-528574141-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2116333086-45548962-528574141-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-2116333086-45548962-528574141-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1191936 2015-11-19] (Polar Electro Oy)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-07] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8F31FDD3-721F-41D6-91F9-12BEE579185C}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2116333086-45548962-528574141-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2116333086-45548962-528574141-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2116333086-45548962-528574141-1001 -> DefaultScope {E994CF24-35CF-48C6-A406-28BD3EED07C0} URL =
SearchScopes: HKU\S-1-5-21-2116333086-45548962-528574141-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2116333086-45548962-528574141-1001 -> {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20110824&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-2116333086-45548962-528574141-1001 -> {D48DC695-82FF-4DDF-BD9E-6FE6ECFF2110} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-09-07] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-04-02] (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-07] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vnv45oie.default-1453785202500
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-13] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-04-02] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @peeringportal.com/AOD -> C:\Windows\nppeeraod.dll [2009-09-28] (Peering Portal, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-13] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2116333086-45548962-528574141-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\John\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-09-01] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll [2008-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2008-08-16] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-07-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-07-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-07-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-07-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-07-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2014-07-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2008-06-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2008-08-16] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\John\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-09-19] (Cisco WebEx LLC)
FF Extension: (Web Developer) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vnv45oie.default-1453785202500\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-19]
FF Extension: (Firebug) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vnv45oie.default-1453785202500\Extensions\firebug@software.joehewitt.com.xpi [2016-06-08]
FF Extension: (Firefox Hotfix) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vnv45oie.default-1453785202500\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-07]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-04-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2016-09-19]
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-03]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-03]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-05-03]
CHR Extension: (Yahoo Partner) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-09-03]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-02]
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2014-07-17] (Apache Software Foundation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-07] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-11-16] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-13] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-12] (Windows ® Win 7 DDK provider)
R2 DeviceMonitorService; C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [81920 2010-11-05] (Nero AG) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [10982912 2014-07-18] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-09-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-09-07] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2011-12-11] (Kings Information & Network)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-19 14:04 - 2016-09-19 14:04 - 00028682 _____ C:\Users\John\Desktop\FRST.txt
2016-09-19 14:01 - 2016-09-19 14:01 - 00003965 _____ C:\Users\John\Desktop\AdwCleaner[C16].txt
2016-09-19 13:28 - 2016-09-19 13:28 - 03861056 _____ C:\Users\John\Desktop\adwcleaner_6.020.exe
2016-09-19 01:23 - 2016-09-19 01:23 - 00007294 _____ C:\Users\John\Desktop\History.txt
2016-09-19 01:02 - 2016-09-19 01:02 - 02400256 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2016-09-17 18:58 - 2016-09-17 18:58 - 00000000 ____D C:\Users\John\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-09-17 18:56 - 2016-09-17 18:56 - 00091808 _____ (Azureus Software, Inc.) C:\Users\John\Downloads\VuzeBittorrentClientInstaller.exe
2016-09-17 12:27 - 2016-09-17 12:28 - 00208274 _____ C:\TDSSKiller.3.1.0.11_17.09.2016_12.27.24_log.txt
2016-09-17 12:26 - 2016-09-17 12:27 - 00208274 _____ C:\TDSSKiller.3.1.0.11_17.09.2016_12.26.25_log.txt
2016-09-17 12:26 - 2016-09-17 12:26 - 04656735 _____ C:\Users\John\Downloads\tdsskiller.zip
2016-09-17 12:25 - 2016-09-17 12:26 - 00000364 _____ C:\TDSSKiller.3.1.0.9_17.09.2016_12.25.57_log.txt
2016-09-17 12:02 - 2016-09-17 12:22 - 00000000 ____D C:\Windows\system32\SSL
2016-09-17 11:06 - 2016-09-17 11:06 - 00000000 ____D C:\ProgramData\Camera Bits, Inc
2016-09-17 11:00 - 2016-09-17 11:00 - 00000000 ____D C:\Users\John\AppData\Roaming\Camera Bits, Inc
2016-09-17 10:58 - 2016-09-17 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Mechanic 5
2016-09-17 10:58 - 2016-09-17 10:58 - 00000000 ____D C:\Program Files (x86)\Camera Bits
2016-09-17 10:58 - 2012-11-07 16:43 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2016-09-17 10:58 - 2012-11-07 16:43 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-09-17 10:55 - 2016-09-17 10:56 - 63179873 _____ C:\Users\John\Downloads\PM5.rar
2016-09-16 18:39 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-16 18:39 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-16 18:39 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-16 18:39 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-16 18:39 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-16 18:39 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-16 18:39 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-16 18:39 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-16 18:39 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-16 18:39 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-16 18:39 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-16 18:39 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-16 18:39 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-16 18:39 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-16 18:39 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-16 18:39 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-16 18:39 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-16 18:39 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-16 18:39 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-16 18:39 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-16 18:39 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-16 18:39 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-16 18:39 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-16 18:39 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-16 18:39 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-16 18:39 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-16 18:39 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-16 18:39 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-16 18:39 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-16 18:39 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-16 18:39 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-16 18:39 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-16 18:39 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-16 18:39 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-16 18:39 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-16 18:39 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-16 18:39 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-16 18:39 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-16 18:39 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-15 15:41 - 2016-09-15 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-15 02:14 - 2016-09-15 02:15 - 08244656 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup522.exe
2016-09-15 01:12 - 2016-09-01 15:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-15 01:12 - 2016-09-01 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-15 01:12 - 2016-08-31 23:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-15 01:12 - 2016-08-31 23:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-15 01:12 - 2016-08-31 22:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-15 01:12 - 2016-08-31 22:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-15 01:12 - 2016-08-31 22:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-15 01:12 - 2016-08-31 22:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-15 01:12 - 2016-08-31 22:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-15 01:12 - 2016-08-31 22:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-15 01:12 - 2016-08-31 22:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-15 01:12 - 2016-08-31 22:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-15 01:12 - 2016-08-31 22:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-15 01:12 - 2016-08-31 22:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-15 01:12 - 2016-08-31 22:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-15 01:12 - 2016-08-31 22:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-15 01:12 - 2016-08-31 22:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-15 01:12 - 2016-08-31 21:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-15 01:12 - 2016-08-31 21:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-15 01:12 - 2016-08-31 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-15 01:12 - 2016-08-31 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-15 01:12 - 2016-08-31 21:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-15 01:12 - 2016-08-31 21:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-15 01:12 - 2016-08-31 21:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-15 01:12 - 2016-08-31 21:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-15 01:12 - 2016-08-31 21:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-15 01:12 - 2016-08-31 21:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-15 01:12 - 2016-08-31 21:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-15 01:12 - 2016-08-31 21:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-15 01:12 - 2016-08-31 20:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-15 01:12 - 2016-08-31 20:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-15 01:12 - 2016-08-31 20:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-15 01:12 - 2016-08-31 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-15 01:12 - 2016-08-31 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-15 01:12 - 2016-08-31 20:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-15 01:12 - 2016-08-31 20:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-15 01:12 - 2016-08-31 20:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-15 01:12 - 2016-08-31 20:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-15 01:12 - 2016-08-31 20:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-15 01:12 - 2016-08-31 20:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-15 01:12 - 2016-08-31 20:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-15 01:12 - 2016-08-31 20:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-15 01:12 - 2016-08-31 20:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-15 01:12 - 2016-08-31 20:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-15 01:12 - 2016-08-31 20:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-15 01:12 - 2016-08-31 20:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-15 01:12 - 2016-08-31 20:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-15 01:12 - 2016-08-31 20:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-15 01:12 - 2016-08-31 20:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-15 01:12 - 2016-08-31 20:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-15 01:12 - 2016-08-31 19:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-15 01:12 - 2016-08-31 19:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-15 01:12 - 2016-08-31 19:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-15 01:12 - 2016-08-31 19:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-15 01:12 - 2016-08-31 19:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-15 01:12 - 2016-08-31 19:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-15 01:12 - 2016-08-31 19:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-15 01:12 - 2016-08-31 19:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-15 01:12 - 2016-08-31 19:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-15 01:12 - 2016-08-31 19:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-15 01:12 - 2016-08-31 19:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-15 01:12 - 2016-08-31 19:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-15 01:12 - 2016-08-31 19:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-15 01:12 - 2016-08-31 19:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-15 01:12 - 2016-08-31 18:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-15 01:12 - 2016-08-31 18:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-15 01:12 - 2016-08-12 12:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-15 01:12 - 2016-08-12 12:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-15 01:12 - 2016-08-12 12:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-15 01:11 - 2016-09-02 11:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-15 01:11 - 2016-09-02 11:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-15 01:11 - 2016-09-02 11:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-15 01:11 - 2016-09-02 11:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-15 01:11 - 2016-09-02 11:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-15 01:11 - 2016-09-02 11:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-15 01:11 - 2016-09-02 11:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-15 01:11 - 2016-09-02 11:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-15 01:11 - 2016-09-02 11:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 11:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-15 01:11 - 2016-09-02 11:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-15 01:11 - 2016-09-02 11:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-15 01:11 - 2016-09-02 11:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-15 01:11 - 2016-09-02 10:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-15 01:11 - 2016-09-02 10:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-15 01:11 - 2016-09-02 10:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-15 01:11 - 2016-09-02 10:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-15 01:11 - 2016-09-02 10:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-15 01:11 - 2016-09-02 10:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-15 01:11 - 2016-09-02 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-15 01:11 - 2016-09-02 10:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-15 01:11 - 2016-09-02 10:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-15 01:11 - 2016-09-02 10:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-15 01:11 - 2016-09-02 10:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-15 01:11 - 2016-09-02 10:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-15 01:11 - 2016-09-02 10:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-15 01:11 - 2016-09-02 10:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 10:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 10:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-15 01:11 - 2016-09-02 10:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-15 01:11 - 2016-08-16 13:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-15 01:11 - 2016-08-15 22:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-15 01:11 - 2016-08-15 22:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-15 01:11 - 2016-08-06 11:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-15 01:11 - 2016-08-06 11:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-15 01:11 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-15 01:11 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-15 01:11 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-15 01:11 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-15 01:11 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-15 01:11 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-15 01:11 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-15 01:11 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-12 09:11 - 2016-09-12 09:11 - 00042792 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe
2016-09-12 09:05 - 2016-09-12 09:05 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys
2016-09-12 09:05 - 2016-09-12 09:05 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys
2016-09-12 09:05 - 2016-09-12 09:05 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys
2016-09-07 22:44 - 2016-09-07 22:44 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-09-07 22:44 - 2016-09-07 22:44 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-09-07 21:38 - 2016-09-07 21:38 - 00828630 _____ C:\Users\John\Downloads\Mgmt E-5030 Lecture 0 Course Intro 2016.pdf
2016-09-07 21:38 - 2016-09-07 21:38 - 00828630 _____ C:\Users\John\Downloads\Mgmt E-5030 Lecture 0 Course Intro 2016 (1).pdf
2016-09-07 21:37 - 2016-09-07 21:37 - 00677527 _____ C:\Users\John\Downloads\Mgmt E-5030 Lecture 1 Intro to PM.pdf
2016-09-06 19:57 - 2016-09-06 21:05 - 00011140 _____ C:\Users\John\Documents\HW1_Ori.ipynb
2016-09-05 22:19 - 2016-09-05 22:19 - 00808202 _____ C:\Users\John\Downloads\probability_cheatsheet.pdf
2016-09-05 10:47 - 2016-09-05 10:47 - 01224810 _____ C:\Users\John\Documents\HW1_Pi.csv
2016-09-05 10:12 - 2016-09-06 20:51 - 00000000 ____D C:\Users\John\.matplotlib
2016-09-05 00:40 - 2016-09-05 10:43 - 00588538 _____ C:\Users\John\Documents\Section1_2016.ipynb
2016-09-05 00:39 - 2016-09-05 00:39 - 00499371 _____ C:\Users\John\Desktop\Section1_2016.zip
2016-09-05 00:39 - 2016-08-30 19:55 - 00588539 _____ C:\Users\John\Desktop\Section1_2016.ipynb
2016-09-04 22:05 - 2016-09-04 22:05 - 00000000 ____D C:\Users\John\.jupyter
2016-09-04 00:45 - 2016-09-06 19:59 - 00000000 ____D C:\Users\John\Documents\.ipynb_checkpoints
2016-09-04 00:45 - 2016-09-06 00:41 - 00009168 _____ C:\Users\John\Documents\HW1.ipynb
2016-09-04 00:45 - 2016-09-04 00:45 - 00000000 ____D C:\Users\John\.ipython
2016-09-04 00:44 - 2016-09-06 21:05 - 00000000 ____D C:\Users\John\AppData\Roaming\jupyter
2016-09-04 00:14 - 2016-09-04 00:14 - 00000000 ____D C:\Users\Public\Documents\Python Scripts
2016-09-04 00:14 - 2016-09-04 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2016-09-04 00:05 - 2016-09-06 19:57 - 00000000 ____D C:\Anaconda3
2016-09-04 00:04 - 2016-09-04 00:05 - 370055720 _____ (Continuum Analytics, Inc.) C:\Users\John\Downloads\Anaconda3-4.1.1-Windows-x86_64.exe
2016-09-03 14:00 - 2016-09-03 14:00 - 08227032 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup521.exe
2016-09-02 21:02 - 2016-09-02 21:02 - 00000000 ____D C:\Windows\SysWOW64\Scripts
2016-09-02 21:02 - 2016-09-02 21:02 - 00000000 ____D C:\Windows\SysWOW64\Lib
2016-09-02 21:00 - 2016-09-02 21:00 - 00000000 ____D C:\Tools
2016-09-02 21:00 - 2016-09-02 21:00 - 00000000 ____D C:\tcl
2016-09-02 21:00 - 2016-09-02 21:00 - 00000000 ____D C:\Doc
2016-09-02 20:59 - 2016-09-02 21:00 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-09-02 20:59 - 2016-09-02 21:00 - 00000000 ____D C:\libs
2016-09-02 20:59 - 2016-09-02 21:00 - 00000000 ____D C:\Lib
2016-09-02 20:59 - 2016-09-02 21:00 - 00000000 ____D C:\DLLs
2016-09-02 20:59 - 2016-09-02 20:59 - 00000000 ____D C:\include
2016-09-02 20:56 - 2016-09-02 20:59 - 00000000 ____D C:\Users\John\AppData\Local\Package Cache
2016-09-02 20:17 - 2016-09-02 20:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-02 20:16 - 2016-09-02 20:16 - 29269656 _____ (Python Software Foundation) C:\python-3.5.2.exe
2016-09-02 20:12 - 2016-09-06 19:57 - 00000000 ____D C:\Users\John\Desktop\HW1
2016-09-01 19:12 - 2016-09-01 19:12 - 00000000 ____D C:\Users\John\AppData\Roaming\Zoom
2016-09-01 19:12 - 2016-09-01 19:12 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2016-09-01 18:13 - 2016-09-01 18:13 - 00500259 _____ C:\Users\John\Downloads\Machine Learning Syllabus August 26 2016.pdf
2016-09-01 18:04 - 2016-09-01 18:04 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\John\Downloads\Zoom_launcher.exe
2016-08-27 10:30 - 2016-09-17 12:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-19 14:04 - 2015-12-27 00:39 - 00000000 ____D C:\FRST
2016-09-19 14:02 - 2015-10-24 22:40 - 00000000 ___RD C:\Users\John\Dropbox
2016-09-19 14:01 - 2015-09-13 19:06 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-19 14:01 - 2015-06-12 17:20 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-09-19 14:01 - 2012-01-26 23:44 - 00000000 ____D C:\Temp
2016-09-19 14:01 - 2010-11-16 17:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-19 13:44 - 2015-09-13 19:06 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-19 13:41 - 2009-07-14 00:45 - 00025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-19 13:41 - 2009-07-14 00:45 - 00025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-19 13:32 - 2010-11-16 17:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-19 13:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-19 13:31 - 2014-01-03 21:21 - 00000000 ____D C:\AdwCleaner
2016-09-19 13:11 - 2014-05-30 18:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-19 11:07 - 2016-07-23 18:07 - 00001145 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2016-09-19 11:07 - 2015-12-17 23:57 - 00001092 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-19 11:07 - 2015-11-25 12:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-19 11:07 - 2015-09-26 11:48 - 00001618 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackboard Collaborate Launcher.lnk
2016-09-19 11:07 - 2015-08-31 19:25 - 00001387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-09-19 11:07 - 2015-05-30 16:39 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2016-09-19 11:07 - 2015-05-30 16:14 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-09-19 11:07 - 2015-02-08 22:13 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2016-09-19 11:07 - 2015-02-08 22:13 - 00000969 _____ C:\Users\Public\Desktop\WinSCP.lnk
2016-09-19 11:07 - 2014-06-08 00:02 - 00000727 _____ C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2016-09-19 11:07 - 2014-03-15 23:14 - 00002987 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xamarin Studio.lnk
2016-09-19 11:07 - 2011-03-05 13:17 - 00001008 _____ C:\Users\Public\Desktop\Mumble.lnk
2016-09-19 11:07 - 2011-01-31 23:40 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-19 11:07 - 2011-01-01 00:54 - 00001183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS5.lnk
2016-09-19 11:07 - 2011-01-01 00:47 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.lnk
2016-09-19 11:07 - 2011-01-01 00:46 - 00001501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
2016-09-19 11:07 - 2011-01-01 00:46 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
2016-09-19 11:07 - 2011-01-01 00:46 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
2016-09-19 11:07 - 2011-01-01 00:46 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
2016-09-19 11:07 - 2011-01-01 00:43 - 00001349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
2016-09-19 11:07 - 2011-01-01 00:42 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
2016-09-19 11:07 - 2011-01-01 00:32 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2016-09-19 11:07 - 2010-12-10 20:53 - 00001790 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-09-19 11:07 - 2010-11-16 20:15 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-09-19 11:07 - 2010-11-16 20:15 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-19 11:07 - 2010-11-16 18:28 - 00001083 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-09-19 11:07 - 2009-07-14 01:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-09-19 11:07 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-19 11:07 - 2009-07-14 00:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-09-19 11:07 - 2009-07-14 00:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-09-19 11:07 - 2009-07-14 00:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-09-19 11:07 - 2009-07-14 00:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-09-19 11:07 - 2009-07-14 00:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-09-19 11:06 - 2015-10-24 22:40 - 00001222 _____ C:\Users\John\Desktop\Dropbox.lnk
2016-09-19 11:06 - 2014-02-22 00:36 - 00001518 _____ C:\Users\John\Desktop\VS Express for Desktop.lnk
2016-09-19 11:06 - 2011-03-20 11:51 - 00001186 _____ C:\Users\John\Desktop\EVGA OC Scanner.lnk
2016-09-19 10:55 - 2012-02-25 13:53 - 00000000 ____D C:\Windows\ERDNT
2016-09-19 02:00 - 2014-06-21 16:26 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2016-09-19 01:24 - 2012-05-26 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
2016-09-19 01:24 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-19 01:23 - 2010-12-07 18:37 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-09-19 01:02 - 2015-12-17 23:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-19 01:02 - 2015-12-17 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-19 01:02 - 2015-12-17 23:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-18 23:22 - 2014-06-08 00:00 - 00000000 ____D C:\Warcraft III
2016-09-18 01:32 - 2010-12-10 20:53 - 00000000 ____D C:\Users\John\AppData\Roaming\Azureus
2016-09-17 18:59 - 2010-12-10 20:55 - 00000000 ____D C:\Users\John\Documents\Vuze Downloads
2016-09-17 18:58 - 2015-11-05 00:09 - 00000000 ____D C:\Users\John\.oracle_jre_usage
2016-09-17 18:57 - 2014-03-30 23:50 - 00000000 ____D C:\Program Files\Vuze
2016-09-17 14:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-09-17 13:20 - 2010-11-16 17:21 - 00000000 ____D C:\Users\John
2016-09-17 12:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-17 12:03 - 2016-03-22 23:06 - 00001985 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvаst SаfеZоnе Вrоwsеr.lnk
2016-09-17 12:03 - 2015-05-03 22:04 - 00002210 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-09-17 12:03 - 2012-03-30 17:28 - 00001955 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-09-17 12:03 - 2010-11-16 17:22 - 00001954 ____R C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2016-09-17 12:01 - 2012-03-30 17:28 - 00001943 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2016-09-17 10:58 - 2010-11-16 17:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-15 15:41 - 2015-09-13 19:06 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-15 10:21 - 2009-07-14 01:13 - 00006250 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-15 10:09 - 2009-07-14 00:45 - 04865736 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-15 02:26 - 2013-03-13 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-15 02:25 - 2013-03-13 23:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-15 02:25 - 2013-03-13 23:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-15 02:18 - 2013-07-27 01:05 - 00000000 ____D C:\Windows\system32\MRT
2016-09-15 02:18 - 2010-12-08 13:09 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-14 00:11 - 2014-05-30 18:23 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-14 00:11 - 2013-04-08 19:19 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-14 00:11 - 2013-04-08 19:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-14 00:11 - 2011-12-18 00:50 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-14 00:11 - 2010-11-16 17:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 21:12 - 2014-12-23 19:01 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-13 14:07 - 2015-10-25 00:02 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-09-12 17:57 - 2015-03-22 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2016-09-12 17:57 - 2015-03-22 18:31 - 00000000 ____D C:\Program Files (x86)\HRBlock2014
2016-09-12 17:52 - 2014-03-13 10:25 - 00000000 ____D C:\Program Files (x86)\PDF995
2016-09-12 17:32 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-09-12 16:48 - 2015-10-25 00:02 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-09 20:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-08 19:13 - 2010-11-16 18:20 - 00070168 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-07 22:50 - 2016-03-22 23:06 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458702358
2016-09-07 22:44 - 2016-03-22 23:05 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-09-07 22:44 - 2015-10-25 00:02 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-09-07 22:44 - 2015-10-25 00:02 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-09-07 22:44 - 2015-10-25 00:02 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-09-07 22:44 - 2015-10-25 00:02 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-09-07 22:44 - 2015-10-25 00:02 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-09-07 22:44 - 2015-10-25 00:02 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-09-07 22:44 - 2015-10-25 00:02 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-09-03 18:02 - 2009-07-13 22:34 - 00452289 ____R C:\Windows\system32\Drivers\etc\hosts.20160917-135010.backup
2016-08-29 22:47 - 2014-12-13 15:33 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2016-08-29 18:10 - 2014-12-13 15:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-29 18:09 - 2014-12-13 15:32 - 00000000 ____D C:\ProgramData\Skype
2016-08-29 09:57 - 2012-04-28 21:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-04-18 19:08 - 2014-04-18 19:08 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
2014-04-01 00:06 - 2013-02-18 18:46 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist_2008_sp1_x86.exe
2015-02-08 23:47 - 2015-12-16 00:45 - 0000600 _____ () C:\Users\John\AppData\Roaming\winscp.rnd
2011-12-06 21:37 - 2014-10-21 23:40 - 0001456 _____ () C:\Users\John\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-05-30 23:10 - 2015-05-31 00:42 - 0001456 _____ () C:\Users\John\AppData\Local\Adobe Save for Web 13.0 Prefs
2011-03-19 19:08 - 2011-03-19 19:09 - 0000084 _____ () C:\Users\John\AppData\Local\DVDPATH.TXT
2015-02-08 01:01 - 2015-02-08 01:02 - 0000600 _____ () C:\Users\John\AppData\Local\PUTTY.RND
2014-04-19 00:40 - 2014-04-19 00:40 - 0000747 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2014-02-01 18:19 - 2014-02-01 18:19 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\libeay32.dll
C:\Users\John\AppData\Local\Temp\msvcr120.dll
C:\Users\John\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-15 11:48

==================== End of FRST.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:12 AM

Posted 20 September 2016 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run the Malwarebytes program and remove everything that is found.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Extension: (Yahoo Partner) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-09-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ??pl?r?r (N? ?dd-?ns).lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ??pl?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?v?st S?f?Z?n? ?r?ws?r.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\Users\Public\Desktop\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb
C:\Program Files\Internet Explorer\iexplore.bat
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\Program Files (x86)\Mozilla Firefox\firefox.bat

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If you have any issues with your browsers, reset them to the default settings.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

Please post the Malwarebytes log and the Fixlog.txt for my review.

Let me know what problem persists.

#5 KBEAST


Posted 21 September 2016 - 11:39 PM

Hi,

 

Browser shortcuts were all broken, so I had to recreate them after the reset; they work now.

The only issue I see right now is that at startup it takes like 5 min of black screen, then my Windows Explorer shows up, so it's still taking a lot of time to load.

 

The Malwarebytes fix made me restart and I didn't see any log, so I went into the Malwarebytes folder and found these 2 new logs that were created today. They are XML.

 

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/09/21 23:22:08 -0400</date>
<logfile>mbam-log-2016-09-21 (23-21-40).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.09.22.03</malware-database>
<rootkit-database>v2016.08.15.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>JOHN-PC</hostname>
<ip>10.0.0.6</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>John</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>409847</objects>
<time>1079</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\$RECYCLE.BIN\S-1-5-21-2116333086-45548962-528574141-1001\$RU3LX6B.5\adobe.snr.patch-painter.exe</path><vendor>RiskWare.Tool.HCK</vendor><action>success</action><hash>48e31b5a4357cd69cc4227e7c43dcf31</hash></file>
<file><path>C:\$RECYCLE.BIN\S-1-5-21-2116333086-45548962-528574141-1001\$RFACMCN\xf-adobecc2015.exe</path><vendor>Trojan.Dropper</vendor><action>success</action><hash>d6557ff6a4f63afc21e92b0a14ee21df</hash></file>
</items>
</mbam-log>
 

 

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="1" datetime="2016-09-21T23:21:53.457031-04:00" source="Manual" type="Update" username="SYSTEM" systemname="JOHN-PC" fromVersion="2016.9.18.1" last_modified_tag="538b0944-dddf-43e6-b12e-7e08150f3180" name="Remediation Database" toVersion="2016.9.21.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-09-21T23:21:54.144531-04:00" source="Manual" type="Update" username="SYSTEM" systemname="JOHN-PC" fromVersion="2016.9.16.1" last_modified_tag="32ccd723-75d0-4423-a938-9fb7cb6b7a17" name="IP Database" toVersion="2016.9.22.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-09-21T23:21:56.863281-04:00" source="Manual" type="Update" username="SYSTEM" systemname="JOHN-PC" fromVersion="2016.9.18.2" last_modified_tag="27aab95f-1a93-40a2-b1cd-cf4b9648dcb9" name="Domain Database" toVersion="2016.9.22.2"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-09-21T23:22:07.519531-04:00" source="Manual" type="Update" username="SYSTEM" systemname="JOHN-PC" fromVersion="2016.9.19.2" last_modified_tag="22d3f8c0-70d5-4896-a96a-c4bcf724a982" name="Malware Database" toVersion="2016.9.22.3"></record>
   <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2016-09-21T23:22:08-04:00" datetime="2016-09-21T23:46:46.405273-04:00" source="Manual" type="Scan" username="SYSTEM" systemname="JOHN-PC" last_modified_tag="8a82d0cc-462b-411c-a068-70230f7f70c2" duration="1079" malwaredetections="2" nonmalwaredetections="0" scanresult="completed"></record>
</logs>
 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-09-2016
Ran by John (21-09-2016 23:58:21) Run:2
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Extension: (Yahoo Partner) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-09-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ??pl?r?r (N? ?dd-?ns).lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ??pl?r?r.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?v?st S?f?Z?n? ?r?ws?r.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\Users\Public\Desktop\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb
C:\Program Files\Internet Explorer\iexplore.bat
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\Program Files (x86)\Mozilla Firefox\firefox.bat

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2116333086-45548962-528574141-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\John\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nogdfjjfhknacchjpiccacoimeelkajb" => key removed successfully
AvastVBoxSvc => service could not remove
dbx => service removed successfully
"C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rn?t ??pl?r?r.lnk" => Could not move.
"C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ??pl?r?r (N? ?dd-?ns).lnk" => Could not move.
"C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk" => Could not move.
"C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G??gl? ?hr?m?.lnk" => Could not move.
"C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ??pl?r?r.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?v?st S?f?Z?n? ?r?ws?r.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk" => Could not move.
"C:\Users\Public\Desktop\??zill? Fir?f??.lnk" => Could not move.
VBoxAswDrv => service could not remove
"C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb" => not found.
C:\Program Files\Internet Explorer\iexplore.bat => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat => moved successfully
C:\Program Files (x86)\Mozilla Firefox\firefox.bat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22364132 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 5770991 B
Edge => 0 B
Chrome => 495407431 B
Firefox => 17231136 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
John => 222690294 B
Admin => 0 B
UpdatusUser => 0 B

RecycleBin => 1569429910 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:59:25 ====
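A triage sketch for the Fixlog posted above, added here as an example (it is not part of the original thread and not FRST's own code): it pairs each `Shortcut:` entry with its result line and flags shortcuts that stayed in place while their script target was moved, which matches the broken shortcuts the poster describes. The function names and the choice of excerpted lines are assumptions of this example.

```python
import re

# Excerpt of the Fixlog posted above (a few lines only, selected for this example).
SAMPLE_FIXLOG = r'''
Shortcut: C:\Users\Public\Desktop\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
AvastVBoxSvc => service could not remove
dbx => service removed successfully
"C:\Users\Public\Desktop\??zill? Fir?f??.lnk" => Could not move.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G??gl? ?hr?m?.lnk" => Could not move.
C:\Program Files (x86)\Mozilla Firefox\firefox.bat => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat => moved successfully
'''

# "Shortcut: <lnk path> -> <target> (<note>)"; the note is empty or e.g. "No File".
SHORTCUT_RE = re.compile(r'^Shortcut: (.+?\.lnk) -> (.+?) \(([^()]*)\)\s*$', re.M)
# "<item> => <outcome>"; the item may be wrapped in double quotes.
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+?)\.?\s*$', re.M)
# Script extensions a browser shortcut has no reason to point at.
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")


def parse_shortcuts(text):
    """Return (lnk_path, target_path) pairs from the fixlist section."""
    return [(m.group(1), m.group(2)) for m in SHORTCUT_RE.finditer(text)]


def parse_results(text):
    """Map each processed item to the outcome string the tool reported."""
    return {m.group(1): m.group(2) for m in RESULT_RE.finditer(text)}


def triage(text):
    """Summarise what the fix run left behind."""
    shortcuts = parse_shortcuts(text)
    results = parse_results(text)
    # Anything the tool said it "could not" move or remove still needs attention.
    failed = sorted(item for item, outcome in results.items()
                    if "could not" in outcome.lower())
    removed = {item.lower() for item, outcome in results.items()
               if "successfully" in outcome.lower()}
    # Shortcut survived but its target is gone: it now launches nothing.
    broken = [lnk for lnk, target in shortcuts
              if lnk in failed and target.lower() in removed]
    # Shortcuts that pointed at a script instead of the browser executable.
    script_targets = [(lnk, target) for lnk, target in shortcuts
                      if target.lower().endswith(SCRIPT_EXT)]
    return {"failed": failed,
            "broken_shortcuts": broken,
            "script_targets": script_targets}


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    for key, values in report.items():
        print(key)
        for value in values:
            print("   ", value)
```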



#6 nasdaq


Posted 22 September 2016 - 10:27 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#7 KBEAST


Posted 26 September 2016 - 04:00 PM

Hi,

 

How do I stop this zoek from running?

 

I've let it run for 5 hours and it still says running. When I try to click close, it comes back saying it's still running.

 

So far, in the text, it showed this below. How long is this going to take?

 

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by John on Mon 09/26/2016 at 10:01:10.37.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\John\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 10:02:52.88 =====

--- Create Environment Variables 10:02:54.66
--- Create System Restore Point 10:03:05.30
--- Checking Input 10:03:31.58
--- AU AppData Check 10:04:01.86
--- Remove From Windows Installer 10:04:06.30
--- Empty Folders Check 10:06:04.70
--- Registry HKLM Software Check 10:06:04.74
--- Quick Launch Shortcut Check 10:07:09.11
--- IE Startpage Check 10:07:20.44
--- Program Files DB Check 10:08:00.64
--- C:\Users\Admin\AppData\Roaming DB Check 10:09:00.27
--- C:\Users\Default\AppData\Roaming DB Check 10:09:00.27
--- C:\Users\Default User\AppData\Roaming DB Check 10:09:00.27
--- C:\Users\John\AppData\Roaming DB Check 10:09:00.27
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 10:09:00.27
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 10:09:00.27
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 10:09:00.27
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 10:09:00.27
--- C:\Users\John DB Check 10:12:11.78
--- C:\PROGRA~3 DB Check 10:12:47.72
--- C:\Users\Admin\AppData\Local DB Check 10:13:14.41
--- C:\Users\Administrator\AppData\Local DB Check 10:13:14.41
--- C:\Users\AppData\AppData\Local DB Check 10:13:14.41
--- C:\Users\Default\AppData\Local DB Check 10:13:14.41
--- C:\Users\Default User\AppData\Local DB Check 10:13:14.41
--- C:\Users\John\AppData\Local DB Check 10:13:14.41
--- C:\Users\Public\AppData\Local DB Check 10:13:14.41
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 10:13:14.41
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 10:13:14.41
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 10:13:14.41
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 10:13:14.41
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 10:16:14.39
--- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 10:16:27.17
--- Tasks DB Check 10:16:35.14
--- Downloads DB Check 10:16:40.64
--- C:\Users\Admin\AppData\LocalLow DB Check 10:16:47.60
--- C:\Users\John\AppData\LocalLow DB Check 10:16:47.60
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 10:16:47.60
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 10:16:47.60
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 10:16:47.60
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 10:16:47.60
--- Tasks2 DB Check 10:17:55.53
--- Documents DB Check 10:18:36.00
--- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\r62ax7an.Default User DB Check 10:18:48.78
--- C:\Users\Public\Desktop DB Check 10:18:51.80
--- C:\Users\John\Desktop DB Check 10:18:59.80
--- Services DB Check 10:19:20.91
--- FF prefs.js DB Check 10:20:01.14
--- Emptyclsid 10:20:50.50
--- Del by CLSID 10:20:53.50
--- Delete Services 10:22:49.02
--- Firefox Fix 10:22:51.95
--- Batch Commands 10:22:56.20
--- Delete files\folders 10:22:56.50
--- Create Backups 10:22:56.64
--- Firefox Extensions 10:23:07.45
 



#8 nasdaq


Posted 27 September 2016 - 08:53 AM

Stop the process via the Task Manager.

Restart the computer normally.

Let me know what problem persists.

#9 KBEAST


Posted 29 September 2016 - 01:27 PM

Hi,

 

So browser issues are gone. However, initial or reboot start up still takes about 5 min of black screen for it to load my desktop.

 

thanks



#10 nasdaq


Posted 30 September 2016 - 08:18 AM

Please download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.
Let me know if the problem persists.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

#11 nasdaq


Posted 06 October 2016 - 08:49 AM

Are you still with me?



