Browser window overlays my Excel File


  • This topic is locked
66 replies to this topic

#1 ep2002

Posted 16 November 2016 - 05:29 AM

So this has been happening recently where I am on a browser window (Chrome) & I go to my Excel file & the next thing I know, the image of part of the browser window shows up.

 

I'm also having problems that while clicking on things in Fx, that new windows open up even though I have AdBlocker installed.

 

Overall the computer isn't running as fast as it used to.

 

Thank you for any help you can give me.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Michelle - Alexis (administrator) on MICHELLE-ALEXIS (16-11-2016 12:22:26)
Running from C:\Users\Michelle - Alexis\AppData\Local\Temp\scoped_dir5832_18739
Loaded Profiles: Michelle - Alexis (Available Profiles: Michelle - Alexis)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mega Limited) C:\Users\Michelle - Alexis\AppData\Local\MEGAsync\MEGAsync.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Michelle - Alexis\AppData\Local\Temp\ocr5C04.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Michelle - Alexis\AppData\Local\Temp\ocr6C58.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(SkyPrivate) C:\Users\Michelle - Alexis\AppData\Local\Apps\2.0\48AMO56O.6NK\V7KZ2WA3.CL1\skyp..tion_c9519c0fa2d78996_0001.0000_cce0e91be77428ee\SkyPrivate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907792 2012-07-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-24] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25673776 2016-11-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4016078423-3760932042-4150441970-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-4016078423-3760932042-4150441970-1000\...\Run: [SkyPrivate] => C:\Users\Michelle - Alexis\AppData\Local\Apps\2.0\48AMO56O.6NK\V7KZ2WA3.CL1\skyp..tion_c9519c0fa2d78996_0001.0000_e39a012e2d8b94ae\SkyPrivate.exe
HKU\S-1-5-21-4016078423-3760932042-4150441970-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4016078423-3760932042-4150441970-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Michelle - Alexis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Michelle - Alexis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Michelle - Alexis\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Michelle - Alexis\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Michelle - Alexis\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Michelle - Alexis\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Michelle - Alexis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-07]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Michelle - Alexis\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Michelle - Alexis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2016-11-05]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{38A21977-BD69-46A5-A094-E0D4BB9AE72A}: [DhcpNameServer] 10.0.0.138
 
Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-18] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
 
FireFox:
========
FF DefaultProfile: go2b5zdi.default
FF ProfilePath: C:\Users\Michelle - Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\go2b5zdi.default [2016-11-16]
FF Homepage: Mozilla\Firefox\Profiles\go2b5zdi.default -> www.eztv.ag
hxxps://thepiratebay.se/tv/latest/
hxxp://extratorrent.cc/
hxxps://kat.al/
hxxps://yts.ag
hxxps://www.torrenting.com/login.php?returnto=Login
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Michelle - Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\go2b5zdi.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-08-18]
FF Extension: (LastPass) - C:\Users\Michelle - Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\go2b5zdi.default\Extensions\support@lastpass.com [2016-05-30]
FF Extension: (Adblock Plus) - C:\Users\Michelle - Alexis\AppData\Roaming\Mozilla\Firefox\Profiles\go2b5zdi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.ratemycock.com/","hxxps://chaturbate.com/","hxxp://www.cam4.com/","hxxps://www.streamatemodels.com/","hxxp://host.imlive.com/","hxxp://www.cammodeldirectory.com/","hxxps://accounts.skyprivate.com/","hxxp://www.myfreecams.com/modelweb/","hxxps://camgasm.com/","hxxps://www.camsoda.com/sensualfreespirit"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default [2016-11-16]
CHR Extension: (Google Drive) - C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-12]
CHR Extension: (YouTube) - C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-11-14]
CHR Extension: (Lovense Extension) - C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieihelfmmpcbblkgkeomefgpadhahepk [2016-10-24]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-10-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-12]
CHR Extension: (Gmail) - C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-02]
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.pandora.com/","hxxps://textfree.us/"
OPR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Michelle - Alexis\AppData\Roaming\Opera Software\Opera Stable\Extensions\foobgjfmnkeainefnnoeghobcdcidhme [2016-05-12]
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Michelle - Alexis\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2016-09-02]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-07] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-08] (Dropbox, Inc.)
R2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2779136 2016-10-08] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7031056 2016-05-02] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263296 2016-10-08] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197288 2016-10-08] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153248 2016-10-08] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208552 2016-10-08] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61608 2016-10-08] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-10-08] (ESET)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [3008144 2012-11-03] (Realtek Semiconductor Corp.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-16 12:21 - 2016-11-16 12:22 - 00000000 ____D C:\FRST
2016-11-13 23:47 - 2016-11-02 17:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-13 23:47 - 2016-11-02 17:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-13 23:47 - 2016-11-02 17:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-13 23:47 - 2016-11-02 17:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-13 23:47 - 2016-11-02 17:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-13 23:47 - 2016-11-02 17:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-13 23:47 - 2016-11-02 17:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-13 23:47 - 2016-11-02 17:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-13 23:47 - 2016-11-02 17:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-13 23:47 - 2016-11-02 16:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-13 23:47 - 2016-10-28 05:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-13 23:47 - 2016-10-28 05:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-13 23:47 - 2016-10-27 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-13 23:47 - 2016-10-27 21:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-13 23:47 - 2016-10-27 20:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-13 23:47 - 2016-10-27 20:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-13 23:47 - 2016-10-27 20:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-13 23:47 - 2016-10-27 20:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-13 23:47 - 2016-10-27 20:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-13 23:47 - 2016-10-27 20:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-13 23:47 - 2016-10-27 20:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-13 23:47 - 2016-10-27 20:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-13 23:47 - 2016-10-27 20:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-13 23:47 - 2016-10-27 20:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-13 23:47 - 2016-10-27 20:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-13 23:47 - 2016-10-27 20:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-13 23:47 - 2016-10-27 20:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-13 23:47 - 2016-10-27 20:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-13 23:47 - 2016-10-27 20:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-13 23:47 - 2016-10-27 20:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-13 23:47 - 2016-10-27 20:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-13 23:47 - 2016-10-27 20:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-13 23:47 - 2016-10-27 20:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-13 23:47 - 2016-10-27 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-13 23:47 - 2016-10-27 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-13 23:47 - 2016-10-27 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-13 23:47 - 2016-10-27 20:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-13 23:47 - 2016-10-27 19:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-13 23:47 - 2016-10-27 19:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-13 23:47 - 2016-10-27 19:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-13 23:47 - 2016-10-27 19:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-13 23:47 - 2016-10-27 19:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-13 23:47 - 2016-10-27 19:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-13 23:47 - 2016-10-27 19:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-13 23:47 - 2016-10-27 19:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-13 23:47 - 2016-10-27 18:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-13 23:47 - 2016-10-27 17:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-13 23:47 - 2016-10-25 17:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-13 23:47 - 2016-10-22 19:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-13 23:47 - 2016-10-22 19:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-13 23:47 - 2016-10-22 19:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-13 23:47 - 2016-10-22 19:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-13 23:47 - 2016-10-22 19:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-13 23:47 - 2016-10-22 19:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-13 23:47 - 2016-10-22 19:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-13 23:47 - 2016-10-22 19:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-13 23:47 - 2016-10-22 19:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-13 23:47 - 2016-10-22 19:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-13 23:47 - 2016-10-22 19:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-13 23:47 - 2016-10-22 19:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-13 23:47 - 2016-10-22 19:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-13 23:47 - 2016-10-22 19:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-13 23:47 - 2016-10-22 19:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-13 23:47 - 2016-10-22 19:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-13 23:47 - 2016-10-22 18:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-13 23:47 - 2016-10-22 18:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-13 23:47 - 2016-10-22 18:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-13 23:47 - 2016-10-22 18:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-13 23:47 - 2016-10-22 18:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-13 23:47 - 2016-10-22 18:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-13 23:47 - 2016-10-22 18:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-13 23:47 - 2016-10-22 18:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-13 23:47 - 2016-10-22 18:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-13 23:47 - 2016-10-22 18:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-13 23:47 - 2016-10-22 18:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-13 23:47 - 2016-10-22 18:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-13 23:47 - 2016-10-22 18:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-13 23:47 - 2016-10-15 17:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-13 23:47 - 2016-10-15 17:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-13 23:47 - 2016-10-15 17:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-13 23:47 - 2016-10-15 17:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-13 23:47 - 2016-10-11 17:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-13 23:47 - 2016-10-11 17:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-13 23:47 - 2016-10-11 17:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-13 23:47 - 2016-10-11 17:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-13 23:47 - 2016-10-11 17:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-13 23:47 - 2016-10-11 17:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-13 23:47 - 2016-10-11 17:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-13 23:47 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-13 23:47 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-13 23:47 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-13 23:47 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-13 23:47 - 2016-10-11 17:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-13 23:47 - 2016-10-11 17:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-13 23:47 - 2016-10-11 17:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-13 23:47 - 2016-10-11 17:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-13 23:47 - 2016-10-11 17:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-13 23:47 - 2016-10-11 17:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-13 23:47 - 2016-10-11 17:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-13 23:47 - 2016-10-11 17:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-13 23:47 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-13 23:47 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-13 23:47 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-13 23:47 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-13 23:47 - 2016-10-11 17:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-13 23:47 - 2016-10-11 17:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-13 23:47 - 2016-10-11 15:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-13 23:47 - 2016-10-11 15:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-13 23:47 - 2016-10-10 17:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-13 23:47 - 2016-10-10 17:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-13 23:47 - 2016-10-10 17:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-13 23:47 - 2016-10-10 17:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-13 23:47 - 2016-10-10 17:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-13 23:47 - 2016-10-10 17:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-13 23:47 - 2016-10-10 17:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-13 23:47 - 2016-10-10 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-13 23:47 - 2016-10-10 17:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-13 23:47 - 2016-10-10 16:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-13 23:47 - 2016-10-10 16:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-13 23:47 - 2016-10-10 16:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-13 23:47 - 2016-10-10 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-13 23:47 - 2016-10-10 16:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-13 23:47 - 2016-10-10 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-13 23:47 - 2016-10-07 17:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-13 23:47 - 2016-10-07 17:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-13 23:47 - 2016-10-07 17:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-13 23:47 - 2016-10-07 17:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-13 23:47 - 2016-10-07 17:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-13 23:47 - 2016-10-07 17:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 17:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-13 23:47 - 2016-10-07 17:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-13 23:47 - 2016-10-07 17:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-13 23:47 - 2016-10-07 17:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-13 23:47 - 2016-10-07 17:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-13 23:47 - 2016-10-07 16:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-13 23:47 - 2016-10-07 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-13 23:47 - 2016-10-07 16:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-13 23:47 - 2016-10-07 16:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-13 23:47 - 2016-10-07 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-13 23:47 - 2016-10-07 16:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 16:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 16:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-13 23:47 - 2016-10-07 16:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-13 23:47 - 2016-10-05 16:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-13 23:47 - 2016-09-15 16:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-13 23:47 - 2016-09-13 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-13 23:47 - 2016-09-13 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-13 23:47 - 2016-09-09 20:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-13 23:47 - 2016-09-09 20:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-13 23:47 - 2016-08-22 18:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-12 19:19 - 2016-11-12 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-09 22:14 - 2016-11-09 22:20 - 00000000 ____D C:\Users\Michelle - Alexis\Documents\Calibre Library
2016-11-09 22:14 - 2016-11-09 22:14 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Local\calibre-cache
2016-11-09 22:13 - 2016-11-09 22:14 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Roaming\calibre
2016-11-08 00:49 - 2016-11-08 00:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-08 00:49 - 2016-11-08 00:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-08 00:49 - 2016-11-08 00:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-08 00:49 - 2016-11-08 00:49 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-05 05:00 - 2016-11-05 06:01 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Roaming\Paltalk
2016-11-05 05:00 - 2016-11-05 05:00 - 00002011 _____ C:\Users\Michelle - Alexis\Desktop\Paltalk Messenger.lnk
2016-11-05 05:00 - 2016-11-05 05:00 - 00001250 _____ C:\Users\Michelle - Alexis\Desktop\Upgrade to Paltalk Extreme.lnk
2016-11-05 05:00 - 2016-11-05 05:00 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2016-11-05 05:00 - 2016-11-05 05:00 - 00000000 ____D C:\Program Files (x86)\Paltalk Messenger
2016-10-21 15:38 - 2016-10-21 15:38 - 00000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_0810b04b76b6b69e
2016-10-20 23:49 - 2016-11-06 22:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-16 12:21 - 2016-03-29 22:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-16 12:20 - 2016-05-21 06:19 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Local\ClassicShell
2016-11-16 12:18 - 2016-05-12 04:01 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Roaming\Skype
2016-11-16 12:17 - 2016-05-16 06:07 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Roaming\qBittorrent
2016-11-16 12:13 - 2016-05-16 06:19 - 00000000 ____D C:\Watch (File)
2016-11-16 12:07 - 2016-06-24 08:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-16 11:24 - 2016-08-07 20:08 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-16 10:56 - 2016-03-29 22:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-16 10:50 - 2016-05-15 05:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-16 10:49 - 2016-05-30 12:29 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\LocalLow\LastPass
2016-11-16 03:29 - 2009-07-14 06:45 - 00022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-16 03:29 - 2009-07-14 06:45 - 00022576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-15 20:20 - 2016-05-13 00:39 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Local\Deployment
2016-11-15 19:24 - 2016-08-07 20:08 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-15 16:46 - 2016-05-16 07:09 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Roaming\vlc
2016-11-15 16:23 - 2009-07-14 07:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-15 16:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-11-15 03:23 - 2016-03-29 22:46 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 03:23 - 2016-03-29 22:46 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 18:00 - 2016-08-07 20:27 - 00000000 ___RD C:\Users\Michelle - Alexis\Dropbox
2016-11-14 18:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-14 02:35 - 2016-10-07 10:07 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Local\MEGAsync
2016-11-14 01:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-11-14 00:34 - 2016-05-12 18:24 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-14 00:34 - 2016-05-12 17:48 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-14 00:34 - 2009-07-14 06:45 - 00355024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-13 23:52 - 2016-05-15 05:08 - 00000000 ____D C:\Windows\system32\MRT
2016-11-13 23:49 - 2016-05-15 05:08 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-13 22:07 - 2016-06-24 08:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-13 22:07 - 2016-05-12 18:24 - 00003924 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-13 22:07 - 2016-03-29 22:48 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-13 22:07 - 2016-03-29 22:48 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-13 22:07 - 2016-03-29 22:48 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-13 22:07 - 2016-03-29 22:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-12 22:49 - 2016-06-01 02:01 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-12 19:19 - 2016-08-07 20:08 - 00003926 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-12 19:19 - 2016-08-07 20:08 - 00003674 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-12 19:19 - 2016-08-07 20:08 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-12 19:18 - 2016-05-12 17:48 - 00003874 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1463068136
2016-11-09 22:15 - 2016-08-07 20:27 - 00000000 ____D C:\Books
2016-11-06 23:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-06 23:00 - 2015-01-14 08:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-06 23:00 - 2015-01-14 08:08 - 00000000 ____D C:\ProgramData\Skype
2016-11-06 22:59 - 2016-05-12 18:21 - 00000000 ____D C:\Notes
2016-11-06 22:59 - 2016-05-12 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-05 05:16 - 2016-05-12 06:52 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Local\VirtualStore
2016-10-30 07:18 - 2016-05-12 06:53 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Local\Google
2016-10-26 16:29 - 2010-11-21 05:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-21 15:45 - 2016-05-12 02:55 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-21 14:57 - 2016-05-12 18:22 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Local\Adobe
2016-10-18 17:04 - 2016-08-22 01:30 - 00000000 ____D C:\Users\Michelle - Alexis\AppData\Local\SMBroadcast
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-14 01:21
 
==================== End of FRST.txt ============================


#2 HelpBot

Posted 21 November 2016 - 05:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632352 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,008 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:44 AM

Posted 22 November 2016 - 09:00 PM

Greetings ep2002 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Posted 22 November 2016 - 09:18 PM

Greetings,

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
Folder: C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_0810b04b76b6b69e
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log

Gary
 

#5 ep2002

ep2002
  • Topic Starter

  • Members
  • 342 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Traveling around now to find my dream country
  • Local time:02:44 PM

Posted 23 November 2016 - 04:47 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by Michelle - Alexis (23-11-2016 23:41:50) Run:1
Running from C:\Downloads
Loaded Profiles: Michelle - Alexis (Available Profiles: Michelle - Alexis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
Folder: C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_0810b04b76b6b69e
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
dbx => service removed successfully
 
========================= Folder: C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_0810b04b76b6b69e ========================
 
2016-10-21 15:38 - 2016-10-21 15:38 - 0000522 _____ () C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_0810b04b76b6b69e\user.config
 
====== End of Folder: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 23:41:56 ====


#6 ep2002

Posted 23 November 2016 - 04:53 PM

# AdwCleaner v6.030 - Logfile created 23/11/2016 at 23:50:40
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-23.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Michelle - Alexis - MICHELLE-ALEXIS
# Running from : C:\Users\Michelle - Alexis\AppData\Local\Temp\scoped_dir2000_20932\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Michelle - Alexis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1076 Bytes] - [23/11/2016 23:50:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [1400 Bytes] - [23/11/2016 23:49:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1222 Bytes] ##########


#7 Oh My!

Posted 23 November 2016 - 05:18 PM

Thank you, can you provide an update on your computer performance please.
Gary
 

#8 ep2002

Posted 23 November 2016 - 05:30 PM

No I can't. I'd have to wait 2 weeks to see if the issues come up again b/c it doesn't happen all the time.



#9 Oh My!

Posted 23 November 2016 - 05:33 PM

OK, let's run a couple more things to make sure your computer is clean.

===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Right click on the icon and select Run as administrator
  • Click 1. Update now!
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click On scan completion
  • Click Quarantine detected objects, then click OK
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log
  • Emsisoft report
  • Security check report

Gary
 

#10 ep2002

Posted 23 November 2016 - 08:57 PM

I'm off to bed in a min. I'll finish the last bit tomorrow.

 

Thanks Gary :)

 

RogueKiller V12.8.2.0 (x64) [Nov 21 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Michelle - Alexis [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/24/2016 03:41:33 (Duration : 00:12:06)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 14 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A21977-BD69-46A5-A094-E0D4BB9AE72A} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{38A21977-BD69-46A5-A094-E0D4BB9AE72A} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A240G +++++
--- User ---
[MBR] 88272034776a59ff37f8f464f32e8895
[BSP] 01fbd377abe3146e6d9221f80b80b49b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 6000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 13314048 | Size: 222434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 63ab7a2a6c8aea62bef440000b8fdc04
[BSP] aa315476aa62182fa501d63320003586 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Edited by Oh My!, 24 November 2016 - 09:47 AM.
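
The registry findings in the RogueKiller report above, triaged in an added example (not part of the original thread and not RogueKiller's own logic): it parses the report's line format, collapses entries repeated across control sets and 32/64-bit views, and checks whether each PUM.Dns resolver is an RFC 1918 address. The verdict labels, the function names, and the last sample line (a documentation address) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# First eight lines are copied from the RogueKiller report in this thread.
# The ninth is CONSTRUCTED (documentation address) to exercise the other branch.
SAMPLE_LOG = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{38A21977-BD69-46A5-A094-E0D4BB9AE72A} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{38A21977-BD69-46A5-A094-E0D4BB9AE72A} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4016078423-3760932042-4150441970-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 203.0.113.53 ([])  -> Found
"""

# [category] (view) key | value : data (optional note)  -> status
LINE_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<key>.+?)"
    r"\s+\|\s+(?P<value>\S+)\s+:\s+(?P<data>.*?)(?:\s+\(.*?\))?"
    r"\s+->\s+(?P<status>\w+)\s*$"
)

# Private IPv4 ranges from RFC 1918, checked explicitly rather than with
# is_private, which also covers documentation and other special ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_findings(text):
    """Return one dict per registry finding line; other lines are ignored."""
    findings = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings


def classify(category, data):
    """Map a finding to a triage label (labels are this example's own)."""
    if category == "PUM.Dns":
        try:
            ips = [ipaddress.ip_address(a)
                   for a in re.split(r"[\s,]+", data.strip()) if a]
        except ValueError:
            return "unparseable-resolver"
        if ips and all(any(ip in net for net in RFC1918) for ip in ips):
            # Resolver sits on the private LAN, typically the router.
            return "local-resolver"
        # Resolver is outside the LAN: compare with what the ISP or
        # administrator is expected to hand out.
        return "external-resolver"
    if category == "PUM.StartMenu":
        # Start_Show* values only control which Start menu items are shown.
        return "display-preference"
    return "unclassified"


def triage(text):
    """Collapse duplicate findings and attach a label to each distinct one."""
    counts = Counter((f["category"], f["value"], f["data"])
                     for f in parse_findings(text))
    return [(cat, value, data, n, classify(cat, data))
            for (cat, value, data), n in counts.items()]


if __name__ == "__main__":
    for cat, value, data, n, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:20} {cat:14} {value} = {data}  ({n} log lines)")
```
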


#11 ep2002

Posted 23 November 2016 - 09:02 PM

Emsisoft Emergency Kit - Version 11.9
Last update: 11/24/2016 3:58:39 AM
User account: Michelle-Alexis\Michelle - Alexis
Computer name: MICHELLE-ALEXIS
OS version: Windows 7x64 Service Pack 1
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/24/2016 4:00:00 AM
 
Scanned 74883
Found 0
 
Scan end: 11/24/2016 4:00:25 AM
Scan time: 0:00:25


#12 ep2002

Posted 23 November 2016 - 09:07 PM

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET Smart Security 9.0.402.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 101  
 Java version 32-bit out of Date! 
 Adobe Flash Player 23.0.0.207  
 Adobe Reader XI  
 Mozilla Firefox (50.0) 
 Google Chrome (54.0.2840.71) 
 Google Chrome (54.0.2840.99) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 windows defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log`````````````````````` 

One thing I forgot to mention.... I've been trying to install Java for weeks & I keep getting an error.

 

I didn't type out the complete path, but I hope you can figure out what the front end of this path is...

 

AppData/LocalLow/Oracle/Java/jre1.8.0_111/au.msi is corrupt

 

Thanks



#13 Oh My!

Posted 24 November 2016 - 09:46 AM

Your computer is clean so if the symptoms return it is not because of malware.

Follow the Solution steps here then try the Java download again.


Gary
 

#14 ep2002

Posted 24 November 2016 - 08:56 PM

Hi there Gary,

 

So are you saying there was nothing found on my computer that was a problem?

 

Ok, it fixed some registry files, so t/y.

 

Now I'm confused which Java I need to install.

 

Here's the URL - http://www.oracle.com/technetwork/java/javase/overview/java8-2100321.html

 

Thanks :)



#15 Oh My!

Posted 25 November 2016 - 01:52 PM

Greetings,

I have not found anything of real concern on your computer. However, I would like you to use Windows Explorer to navigate to the below folder and tell me the entire name which has been shortened (see the red part)

C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_0810b04b76b6b69e\user.config

Regarding Java, please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to Verify Java version
  • If you are notified your Java version is out of date click Update (recommended)
  • Click Agree and Start Free Java Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Install
  • Uncheck all optional offers
  • Click Next
  • Once completed you should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed check each of the versions and click Uninstall
  • Verify the older version(s) was uninstalled then click Next
  • Click Close
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Folder name
  • Java update?

Gary
 



