
Problems with Steam/Thunderbird/Minecraft


20 replies to this topic

#1 SpitzNevus


Posted 02 December 2016 - 10:28 PM

I've been having several problems with various programs on my computer. These issues have been reported individually on the forums for those programs without resolutions. They all seem to have begun around the same time for me with programs that were previously functioning normally, leading me to wonder whether they might all have a common root (so to speak) cause.

 

I am running Windows 7 Professional, SP-1, 64-bit. Connected to LAN via wired connection.

 

1. Steam: The formatting on the Steam store screen becomes unreadable with the formatting messed up every day or so. Erasing the htmlcache folder in the Steam directory will completely fix the issue, but it will recur within a day or so. If I access my Steam account on another computer, I never have the issue.

 

2. Minecraft: When my daughter (or I) use my computer to join another server hosted on our LAN, she will connect, then disconnect (sometimes immediately, sometimes after a delay) with one of several errors:

  • Internal Exception: io.netty.handler.codec.DecoderException: Badly compressed packet - size of 67 is below server threshold of 256
  • Internal Exception: io.netty.handler.codec.CorruptedFrameException: length wider than 21-bit
  • Internal Exception: io.netty.handler.codec.DecoderException: java.util.zip.DataFormatException: unknown compression method

3. Our networked printer now has to be power cycled daily to force it to reconnect to the wireless network, as it keeps losing the wireless connection.

 

4. Mozilla Thunderbird e-mail client periodically gives me the following error messages when the program first starts and checks my e-mail. This happens randomly:

I initially posted about this issue in an "Am I infected?" forum thread, and after the initial scans there did not resolve the issue, BoopMe instructed me to run FRST and start a new thread here. I very much appreciate any insights. FRST.txt log appended below; addition.txt attached.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
Ran by Daniel (ATTENTION: The user is not administrator) on PHOENIX (01-12-2016 23:07:46)
Running from C:\Users\Daniel\Downloads\Malware Cleaning
Loaded Profiles: Daniel (Available Profiles: Daniel & Karya & Rebecca & Mcx1-PHOENIX & Diana & Katie & Haeun & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> nvSCPAPISvr.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> Pen_TouchService.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> PhotoshopElementsFileAgent.exe
Failed to access process -> mainserv.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> atkexComSvc.exe
Failed to access process -> aaHMSvc.exe
Failed to access process -> AsSysCtrlService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> svchost.exe
Failed to access process -> dirmngr.exe
Failed to access process -> esClient.exe
Failed to access process -> FitbitConnectService.exe
Failed to access process -> FoxitConnectedPDFService.exe
Failed to access process -> IPROSetMonitor.exe
Failed to access process -> LightsOutClientService.exe
Failed to access process -> svchost.exe
Failed to access process -> NvNetworkService.exe
Failed to access process -> NvStreamService.exe
Failed to access process -> svchost.exe
Failed to access process -> polard.exe
Failed to access process -> RichVideo64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SWGVCSvc.exe
Failed to access process -> Pen_Tablet.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> YammmSvc.exe
Failed to access process -> dataserv.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> WHSConnector.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> NisSrv.exe
Failed to access process -> NvStreamNetworkService.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> iPodService.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> svchost.exe
Failed to access process -> dllhost.exe
Failed to access process -> Microsoft.HomeServer.Archive.TransferService.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> NvXDSync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(SanDisk Corporation) E:\Users\Daniel\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Polar\WebSync\WebSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Failed to access process -> Pen_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient.exe
(Schneider Electric) E:\Program Files (x86) - S\PowerChute\apcsystray.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient Helper.exe
Failed to access process -> NvStreamUserAgent.exe
Failed to access process -> conhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
Failed to access process -> sppsvc.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-26] ()
HKLM-x32\...\Run: [Display] => E:\Program Files (x86) - S\PowerChute\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [Google Update] => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [SansaDispatch] => C:\Users\Daniel\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-03-28] (SanDisk Corporation)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [GalaxyClient] => F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient.exe [3970112 2016-11-29] (GOG.com)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\MountPoints2: {6dcb437f-6ecc-11e0-b9bd-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [322048 2013-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-01-18] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2014-12-17]
ShortcutTarget: APC UPS Status.lnk -> E:\Program Files (x86) - S\PowerChute\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2015-05-29]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk [2011-04-24]
ShortcutTarget: Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{189DEA4E-7DB8-443A-9155-FD68DD691CE4}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{29674B78-9422-4A91-8195-A4815DD66B08}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{609EA839-6E5B-44D9-9CC1-D15511EA3649}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: BrowserHelper Class -> {9A065C65-4EE7-4DDD-9918-F129089A894A} -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default [2016-12-01]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\v4992utb.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\v4992utb.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\v4992utb.default -> hxxp://www.cnn.com/
hxxp://slashdot.org/
hxxp://www.facebook.com/home.php
hxxps://mail.google.com/mail/?shva=1#inbox
FF Extension: (Add to Amazon Wish List Button) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\amznUWL2@amazon.com.xpi [2016-06-05]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\artur.dubovoy@gmail.com [2016-11-13]
FF Extension: (Firebug) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (Firefox Hotfix) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (NoScript) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-28]
FF Extension: (Web Developer) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-22]
FF Extension: (QuickWiki) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi [2016-04-29]
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\searchplugins\thesaurus---referencecom.xml [2013-01-09]
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\searchplugins\webster.xml [2013-01-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @nsroblox.roblox.com/launcher -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-f57d20c466824405\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-f57d20c466824405\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (uMatrix) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2016-10-21]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor9.0; E:\Program Files (x86) - S\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 APC Data Service; E:\Program Files (x86) - S\PowerChute\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; E:\Program Files (x86) - S\PowerChute\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 DAUpdaterSvc; E:\Program Files (x86) - S\SteamLibrary\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-06-30] (BioWare)
R2 DirMngr; E:\Program Files (x86) - S\GPG\GnuPG\dirmngr.exe [218112 2013-08-20] () [File not signed]
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
S3 GalaxyClientService; F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClientService.exe [284224 2016-11-29] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 LoClntService; C:\Program Files\Windows Home Server\LightsOutClientService.exe [36864 2009-07-03] (AxoNet Software GmbH) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S2 SkypeUpdate; E:\Program Files (x86) - S\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
R2 SWGVCSvc; E:\Program Files - S\Sonic Wall\SWGVCSvc.exe [287016 2012-04-03] (SonicWALL, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 YammmSvc; C:\Program Files (x86)\Yammm\YammmSvc.exe [14336 2010-08-03] (Mikinho) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-04] (Citrix Systems, Inc.)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2013-09-02] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-01 23:07 - 2016-12-01 23:07 - 00000000 ____D C:\FRST
2016-12-01 16:15 - 2016-12-01 16:15 - 00000022 _____ C:\Windows\S.dirmngr
2016-11-27 22:01 - 2016-11-28 22:12 - 00000000 ____D C:\Users\Daniel\Desktop\Candidate 2016 Photobook Photos
2016-11-21 16:41 - 2016-11-21 16:41 - 00000000 ____D C:\Program Files (x86)\ESET
2016-11-21 16:38 - 2016-11-21 16:38 - 00004745 _____ C:\Users\Administrator\Desktop\JRT.txt
2016-11-21 16:13 - 2016-11-21 23:16 - 00000000 ____D C:\AdwCleaner
2016-11-21 11:25 - 2016-11-21 11:25 - 00042902 _____ C:\Users\Daniel\Downloads\Cassie Durbin Six Week Time  Summary Sept 25 - Nov 5 2016.pdf
2016-11-19 23:24 - 2016-11-19 23:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-19 23:24 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-19 23:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-19 23:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-19 23:21 - 2016-11-19 23:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2016-11-19 15:54 - 2016-11-19 15:54 - 00000000 ____D C:\Users\Rebecca\Desktop\Old Firefox Data
2016-11-19 15:54 - 2016-11-19 15:54 - 00000000 ____D C:\Users\Rebecca.Phoenix\Desktop\Old Firefox Data
2016-11-19 15:53 - 2016-11-19 15:54 - 00000000 ____D C:\Users\Rebecca\AppData\LocalLow\Mozilla
2016-11-19 15:53 - 2016-11-19 15:54 - 00000000 ____D C:\Users\Rebecca.Phoenix\AppData\LocalLow\Mozilla
2016-11-18 21:43 - 2016-11-18 23:03 - 00000000 ____D C:\Users\Daniel\Documents\Game night invites
2016-11-17 20:13 - 2016-11-17 20:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Sun
2016-11-17 20:12 - 2016-11-17 20:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2016-11-17 19:58 - 2016-12-01 23:04 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\Mozilla
2016-11-17 19:42 - 2016-11-17 19:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.minecraft
2016-11-17 19:42 - 2016-11-17 19:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\java
2016-11-17 19:40 - 2016-12-01 16:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-08 21:27 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 21:27 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 21:27 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 21:27 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 21:27 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 21:27 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 21:27 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 21:27 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 21:27 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 21:27 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 21:27 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 21:27 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 21:27 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 21:27 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 21:27 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 21:27 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 21:27 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 21:27 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 21:27 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 21:27 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 21:27 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 21:27 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 21:27 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 21:27 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 21:27 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 21:27 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 21:27 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 21:27 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 21:27 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 21:27 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 21:27 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 21:27 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 21:27 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 21:27 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 21:27 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 21:27 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 21:27 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 21:27 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 21:27 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 21:27 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 21:27 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 21:27 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 21:27 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 21:27 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 21:27 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 21:27 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 21:27 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 21:27 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 21:27 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 21:27 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 21:27 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 21:27 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 21:27 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 21:27 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 21:27 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 21:27 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 21:27 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 21:27 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 21:27 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 21:27 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 21:27 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 21:27 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 21:27 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 21:27 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 21:27 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 21:27 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 21:27 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 21:27 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 21:27 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 21:27 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 21:27 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 21:27 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 21:27 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 21:27 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 21:27 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 21:27 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 21:27 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 21:27 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 21:27 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 21:27 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 21:27 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 21:27 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 21:27 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 21:27 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 21:27 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 21:27 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 21:27 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 21:27 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 21:27 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 21:27 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 21:27 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 21:27 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 21:27 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 21:27 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 21:27 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 21:27 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 21:27 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 21:27 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 21:27 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 21:27 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 21:27 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 21:27 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 21:27 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 21:27 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 21:27 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 21:27 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 21:27 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 21:27 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 21:27 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 21:27 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 21:27 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 21:27 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 21:27 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 21:27 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 21:27 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-08 21:27 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 21:27 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 21:27 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 21:27 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 21:27 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 21:27 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 21:27 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 21:27 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 21:27 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 21:27 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 21:27 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 21:27 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 21:27 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 21:27 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-01 23:09 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-01 23:09 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-01 23:07 - 2010-06-04 21:35 - 00000000 ____D C:\Users\Daniel\Downloads\Malware Cleaning
2016-12-01 22:55 - 2013-05-20 21:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-01 22:52 - 2011-04-24 21:02 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022051664-3807320802-2861752688-1000UA.job
2016-12-01 22:02 - 2010-03-08 23:02 - 00000000 ____D C:\Users\Daniel\Documents\Dermatology Associates
2016-12-01 21:09 - 2011-04-24 21:16 - 00000000 ____D C:\Windows\system32\(System Reserved)
2016-12-01 16:21 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-01 16:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-12-01 16:15 - 2016-07-11 09:44 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-01 16:15 - 2012-12-06 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-01 16:15 - 2011-05-18 17:18 - 00000000 ____D C:\ProgramData\LightsOut
2016-12-01 16:15 - 2011-04-24 16:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-01 16:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-30 23:06 - 2014-12-25 00:38 - 00043012 _____ C:\Windows\SysWOW64\PCPELog.txt
2016-11-30 19:47 - 2012-04-14 18:07 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\.minecraft
2016-11-30 19:45 - 2016-09-25 17:09 - 00001172 _____ C:\Users\Daniel\Desktop\nativelog.txt
2016-11-30 19:44 - 2011-04-30 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\KeePass
2016-11-30 19:21 - 2011-04-24 21:04 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-30 19:21 - 2011-04-24 21:04 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-30 19:20 - 2012-04-24 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-30 19:20 - 2011-04-24 21:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-29 16:55 - 2016-10-18 17:36 - 00000000 ____D C:\Users\Katie\AppData\Roaming\.minecraft
2016-11-28 07:52 - 2011-04-24 21:02 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022051664-3807320802-2861752688-1000Core.job
2016-11-22 20:34 - 2011-04-24 17:29 - 00000000 ____D C:\Users\Administrator
2016-11-22 19:10 - 2015-02-18 22:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\Steam
2016-11-21 22:43 - 2013-06-08 11:35 - 00000000 ____D C:\Users\Daniel\Downloads\VideoPad
2016-11-21 22:43 - 2012-01-26 21:45 - 00000000 ____D C:\Users\Daniel\Downloads\Printer Drivers
2016-11-21 19:20 - 2011-03-13 21:41 - 00049086 _____ C:\Users\Daniel\Documents\DanPs.kdbx
2016-11-21 16:28 - 2016-03-03 20:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2016-11-19 23:24 - 2012-11-06 22:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-17 20:17 - 2012-11-20 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-17 20:17 - 2011-04-24 16:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-17 20:17 - 2011-04-24 16:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-17 20:17 - 2011-04-24 16:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-17 20:13 - 2014-01-01 21:42 - 00000000 ____D C:\Program Files\Java
2016-11-17 20:12 - 2014-01-01 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-17 20:11 - 2014-01-01 21:30 - 00000000 ____D C:\ProgramData\Oracle
2016-11-17 20:10 - 2013-03-10 21:25 - 00000000 ____D C:\Users\Daniel\Downloads\Java
2016-11-17 19:33 - 2016-09-17 13:39 - 00000750 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-11-17 19:33 - 2016-09-17 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-11-17 19:19 - 2011-04-24 20:58 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-11-16 22:55 - 2016-05-26 19:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-14 15:53 - 2011-04-24 21:03 - 00002380 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-13 19:47 - 2011-04-24 22:40 - 00000000 ____D C:\Program Files (x86)\Stardock Games
2016-11-13 17:40 - 2016-07-03 13:31 - 00000000 ____D C:\Users\Katie\AppData\Roaming\StardewValley
2016-11-09 20:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 06:55 - 2011-04-24 21:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2016-11-09 06:50 - 2009-07-13 23:45 - 00341288 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-08 23:13 - 2013-08-13 21:45 - 00000000 ____D C:\Windows\system32\MRT
2016-11-08 23:09 - 2011-04-24 20:59 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 21:55 - 2012-07-15 13:09 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 21:55 - 2012-07-15 13:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 21:55 - 2011-11-19 09:50 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 21:55 - 2011-04-24 20:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2015-09-19 13:32 - 2015-09-19 13:32 - 0002836 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel
2008-02-05 12:28 - 2008-02-05 12:28 - 0000051 _____ () C:\Users\Daniel\AppData\Local\setup.txt
2014-10-18 21:52 - 2014-11-19 22:58 - 0000156 _____ () C:\Users\Daniel\AppData\Local\vmrWorkAround.log
2011-04-26 23:01 - 2012-11-08 22:28 - 0006629 _____ () C:\ProgramData\hpzinstall.log
2012-12-15 14:25 - 2015-02-16 21:38 - 0009972 _____ () C:\ProgramData\LMADKscan.log
2016-05-27 15:15 - 2016-05-27 15:15 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Administrator\en_res.dll
C:\Users\Administrator\es_res.dll
C:\Users\Administrator\fr_res.dll
C:\Users\Administrator\grm_res.dll
C:\Users\Administrator\it_res.dll
C:\Users\Administrator\jp_res.dll
C:\Users\Administrator\mfc80u.dll
C:\Users\Administrator\msvcr80.dll
C:\Users\Administrator\PCPE Setup.exe
C:\Users\Administrator\pt_res.dll
C:\Users\Administrator\ResourceReader.dll
C:\Users\Administrator\ru_res.dll
C:\Users\Administrator\zh_res.dll
C:\Users\Daniel\xobglu16.dll
C:\Users\Daniel\xobglu32.dll
C:\Users\Public\abv21.exe
C:\Users\Public\h310to14.exe
C:\Users\Public\PS_AIO_06_C309g-m_USW_Full_Win_enu_130_205.exe


Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\_isDA38.exe
C:\Users\Daniel\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Daniel\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Daniel\AppData\Local\Temp\npp.6.7.7.Installer.exe
C:\Users\Daniel\AppData\Local\Temp\npp.6.7.9.2.Installer.exe
C:\Users\Daniel\AppData\Local\Temp\npp.6.8.1.Installer.exe
C:\Users\Daniel\AppData\Local\Temp\RWSCleanup.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\websync_2.8.3.exe
C:\Users\Daniel\AppData\Local\Temp\_isC46A.exe
C:\Users\Daniel\AppData\Local\Temp\_isDA38.exe
C:\Users\Daniel\AppData\Local\Temp\_isFCC8.exe
C:\Users\Daniel\AppData\Local\Temp\{1D3B6702-A700-4779-8B6F-FAFA98BDB146}-36.0.1985.125_35.0.1916.153_chrome_updater.exe
C:\Users\Rebecca\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Rebecca\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Rebecca\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rebecca.Phoenix\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Rebecca.Phoenix\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Rebecca.Phoenix\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

#2 HelpBot

Posted 07 December 2016 - 10:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/633790 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 SpitzNevus

Posted 08 December 2016 - 06:51 PM

As instructed by Helpbot, I am replying with a new FRST.txt, included below, and addition.txt, attached. The description of my problem has not changed from my initial post. I probably have the Windows DVD around here somewhere, but I'd have to dig it up.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Daniel (ATTENTION: The user is not administrator) on PHOENIX (08-12-2016 18:39:11)
Running from C:\Users\Daniel\Downloads\Malware Cleaning
Loaded Profiles: Daniel (Available Profiles: Daniel & Karya & Rebecca & Mcx1-PHOENIX & Diana & Katie & Haeun & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> winlogon.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> nvSCPAPISvr.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> Pen_TouchService.exe
Failed to access process -> wisptis.exe
Failed to access process -> NvXDSync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> PhotoshopElementsFileAgent.exe
Failed to access process -> mainserv.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> atkexComSvc.exe
Failed to access process -> aaHMSvc.exe
Failed to access process -> AsSysCtrlService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> svchost.exe
Failed to access process -> dirmngr.exe
Failed to access process -> esClient.exe
Failed to access process -> FitbitConnectService.exe
Failed to access process -> FoxitConnectedPDFService.exe
Failed to access process -> IPROSetMonitor.exe
Failed to access process -> LightsOutClientService.exe
Failed to access process -> svchost.exe
Failed to access process -> NvNetworkService.exe
Failed to access process -> NvStreamService.exe
Failed to access process -> svchost.exe
Failed to access process -> polard.exe
Failed to access process -> RichVideo64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SWGVCSvc.exe
Failed to access process -> Pen_Tablet.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> YammmSvc.exe
Failed to access process -> dataserv.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> WHSConnector.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> NisSrv.exe
Failed to access process -> NvStreamNetworkService.exe
Failed to access process -> svchost.exe
Failed to access process -> NvStreamUserAgent.exe
Failed to access process -> conhost.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) E:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
(SanDisk Corporation) E:\Users\Daniel\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
Failed to access process -> Pen_Tablet.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Polar\WebSync\WebSync.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
Failed to access process -> SearchIndexer.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Failed to access process -> iPodService.exe
() C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> wmpnetwk.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient.exe
(Schneider Electric) E:\Program Files (x86) - S\PowerChute\apcsystray.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient Helper.exe
Failed to access process -> ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
Failed to access process -> Microsoft.HomeServer.Archive.TransferService.exe
Failed to access process -> IAStorDataMgrSvc.exe
Failed to access process -> sppsvc.exe
Failed to access process -> dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-26] ()
HKLM-x32\...\Run: [Display] => E:\Program Files (x86) - S\PowerChute\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [Google Update] => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [SansaDispatch] => C:\Users\Daniel\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-03-28] (SanDisk Corporation)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [GalaxyClient] => F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient.exe [3971136 2016-12-06] (GOG.com)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\MountPoints2: {6dcb437f-6ecc-11e0-b9bd-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [322048 2013-02-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-01-18] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2014-12-17]
ShortcutTarget: APC UPS Status.lnk -> E:\Program Files (x86) - S\PowerChute\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2015-05-29]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk [2011-04-24]
ShortcutTarget: Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{189DEA4E-7DB8-443A-9155-FD68DD691CE4}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{29674B78-9422-4A91-8195-A4815DD66B08}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{609EA839-6E5B-44D9-9CC1-D15511EA3649}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: BrowserHelper Class -> {9A065C65-4EE7-4DDD-9918-F129089A894A} -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default [2016-12-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\v4992utb.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\v4992utb.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\v4992utb.default -> hxxp://www.cnn.com/
hxxp://slashdot.org/
hxxp://www.facebook.com/home.php
hxxps://mail.google.com/mail/?shva=1#inbox
FF Extension: (Add to Amazon Wish List Button) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\amznUWL2@amazon.com.xpi [2016-06-05]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\artur.dubovoy@gmail.com [2016-11-13]
FF Extension: (Firebug) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (Firefox Hotfix) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (NoScript) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-11-28]
FF Extension: (Web Developer) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-22]
FF Extension: (QuickWiki) - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi [2016-04-29]
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\searchplugins\thesaurus---referencecom.xml [2013-01-09]
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\searchplugins\webster.xml [2013-01-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @nsroblox.roblox.com/launcher -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-f57d20c466824405\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-f57d20c466824405\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-05] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Shockwave Flash) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Native Client) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Google Update) - C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2016-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (uMatrix) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2016-10-21]
CHR Extension: (Chrome Media Router) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor9.0; E:\Program Files (x86) - S\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 APC Data Service; E:\Program Files (x86) - S\PowerChute\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; E:\Program Files (x86) - S\PowerChute\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 DAUpdaterSvc; E:\Program Files (x86) - S\SteamLibrary\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-06-30] (BioWare)
R2 DirMngr; E:\Program Files (x86) - S\GPG\GnuPG\dirmngr.exe [218112 2013-08-20] () [File not signed]
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
S3 GalaxyClientService; F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClientService.exe [284224 2016-12-06] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 LoClntService; C:\Program Files\Windows Home Server\LightsOutClientService.exe [36864 2009-07-03] (AxoNet Software GmbH) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S2 SkypeUpdate; E:\Program Files (x86) - S\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
R2 SWGVCSvc; E:\Program Files - S\Sonic Wall\SWGVCSvc.exe [287016 2012-04-03] (SonicWALL, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 YammmSvc; C:\Program Files (x86)\Yammm\YammmSvc.exe [14336 2010-08-03] (Mikinho) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-04] (Citrix Systems, Inc.)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2013-09-02] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-08 15:55 - 2016-12-08 18:36 - 00000022 _____ C:\Windows\S.dirmngr
2016-12-03 21:38 - 2016-12-03 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-03 21:38 - 2016-12-03 21:38 - 00000000 ____D C:\Program Files\iTunes
2016-12-03 21:38 - 2016-12-03 21:38 - 00000000 ____D C:\Program Files\iPod
2016-12-03 21:37 - 2016-12-03 21:37 - 00000000 ____D C:\Program Files\Bonjour
2016-12-03 21:37 - 2016-12-03 21:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-03 21:35 - 2016-12-03 21:35 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-01 23:07 - 2016-12-08 18:26 - 00000000 ____D C:\FRST
2016-11-27 22:01 - 2016-12-07 21:40 - 00000000 ____D C:\Users\Daniel\Desktop\Candidate 2016 Photobook Photos
2016-11-21 16:41 - 2016-11-21 16:41 - 00000000 ____D C:\Program Files (x86)\ESET
2016-11-21 16:38 - 2016-11-21 16:38 - 00004745 _____ C:\Users\Administrator\Desktop\JRT.txt
2016-11-21 16:13 - 2016-11-21 23:16 - 00000000 ____D C:\AdwCleaner
2016-11-21 11:25 - 2016-11-21 11:25 - 00042902 _____ C:\Users\Daniel\Downloads\Cassie Durbin Six Week Time  Summary Sept 25 - Nov 5 2016.pdf
2016-11-19 23:24 - 2016-11-19 23:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-19 23:24 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-19 23:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-19 23:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-19 23:21 - 2016-11-19 23:21 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Malwarebytes
2016-11-19 15:54 - 2016-11-19 15:54 - 00000000 ____D C:\Users\Rebecca\Desktop\Old Firefox Data
2016-11-19 15:54 - 2016-11-19 15:54 - 00000000 ____D C:\Users\Rebecca.Phoenix\Desktop\Old Firefox Data
2016-11-19 15:53 - 2016-11-19 15:54 - 00000000 ____D C:\Users\Rebecca\AppData\LocalLow\Mozilla
2016-11-19 15:53 - 2016-11-19 15:54 - 00000000 ____D C:\Users\Rebecca.Phoenix\AppData\LocalLow\Mozilla
2016-11-18 21:43 - 2016-11-18 23:03 - 00000000 ____D C:\Users\Daniel\Documents\Game night invites
2016-11-17 20:13 - 2016-11-17 20:13 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Sun
2016-11-17 20:12 - 2016-11-17 20:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2016-11-17 19:58 - 2016-12-08 18:39 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\Mozilla
2016-11-17 19:42 - 2016-11-17 19:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.minecraft
2016-11-17 19:42 - 2016-11-17 19:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\java
2016-11-17 19:40 - 2016-12-01 16:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-08 21:27 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 21:27 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 21:27 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 21:27 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 21:27 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 21:27 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 21:27 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 21:27 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 21:27 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 21:27 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 21:27 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 21:27 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 21:27 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 21:27 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 21:27 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 21:27 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 21:27 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 21:27 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 21:27 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 21:27 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 21:27 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 21:27 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 21:27 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 21:27 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 21:27 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 21:27 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 21:27 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 21:27 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 21:27 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 21:27 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 21:27 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 21:27 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 21:27 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 21:27 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 21:27 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 21:27 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 21:27 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 21:27 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 21:27 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 21:27 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 21:27 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 21:27 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 21:27 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 21:27 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 21:27 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 21:27 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 21:27 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 21:27 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 21:27 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 21:27 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 21:27 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 21:27 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 21:27 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 21:27 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 21:27 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 21:27 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 21:27 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 21:27 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 21:27 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 21:27 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 21:27 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 21:27 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 21:27 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 21:27 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 21:27 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 21:27 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 21:27 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 21:27 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 21:27 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 21:27 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 21:27 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 21:27 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 21:27 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 21:27 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 21:27 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 21:27 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 21:27 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 21:27 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 21:27 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 21:27 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 21:27 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 21:27 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 21:27 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 21:27 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 21:27 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 21:27 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 21:27 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 21:27 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 21:27 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 21:27 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 21:27 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 21:27 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 21:27 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 21:27 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 21:27 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 21:27 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 21:27 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 21:27 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 21:27 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 21:27 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 21:27 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 21:27 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 21:27 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 21:27 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 21:27 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 21:27 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 21:27 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 21:27 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 21:27 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 21:27 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 21:27 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 21:27 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 21:27 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 21:27 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 21:27 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 21:27 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 21:27 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 21:27 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 21:27 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-08 21:27 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 21:27 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 21:27 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 21:27 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 21:27 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 21:27 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 21:27 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 21:27 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 21:27 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 21:27 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 21:27 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 21:27 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 21:27 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 21:27 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 21:27 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-08 18:36 - 2011-04-24 16:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-08 18:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-08 18:26 - 2010-06-04 21:35 - 00000000 ____D C:\Users\Daniel\Downloads\Malware Cleaning
2016-12-08 17:55 - 2013-05-20 21:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-08 17:52 - 2011-04-24 21:02 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022051664-3807320802-2861752688-1000UA.job
2016-12-08 16:09 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-08 16:09 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-08 16:02 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-08 16:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-12-08 15:55 - 2016-07-11 09:44 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-08 15:55 - 2011-05-18 17:18 - 00000000 ____D C:\ProgramData\LightsOut
2016-12-07 22:22 - 2014-12-25 00:38 - 00051262 _____ C:\Windows\SysWOW64\PCPELog.txt
2016-12-07 21:00 - 2011-04-24 21:16 - 00000000 ____D C:\Windows\system32\(System Reserved)
2016-12-06 21:43 - 2009-07-14 00:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-05 22:01 - 2011-04-30 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\KeePass
2016-12-03 21:38 - 2012-10-21 19:41 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-03 21:38 - 2011-06-07 21:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-12-03 21:38 - 2011-04-29 23:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-03 21:35 - 2011-04-29 23:22 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-01 22:02 - 2010-03-08 23:02 - 00000000 ____D C:\Users\Daniel\Documents\Dermatology Associates
2016-12-01 16:15 - 2012-12-06 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-30 19:47 - 2012-04-14 18:07 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\.minecraft
2016-11-30 19:45 - 2016-09-25 17:09 - 00001172 _____ C:\Users\Daniel\Desktop\nativelog.txt
2016-11-30 19:21 - 2011-04-24 21:04 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-30 19:21 - 2011-04-24 21:04 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-30 19:20 - 2012-04-24 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-30 19:20 - 2011-04-24 21:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-29 16:55 - 2016-10-18 17:36 - 00000000 ____D C:\Users\Katie\AppData\Roaming\.minecraft
2016-11-28 07:52 - 2011-04-24 21:02 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022051664-3807320802-2861752688-1000Core.job
2016-11-22 20:34 - 2011-04-24 17:29 - 00000000 ____D C:\Users\Administrator
2016-11-22 19:10 - 2015-02-18 22:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\Steam
2016-11-21 22:43 - 2013-06-08 11:35 - 00000000 ____D C:\Users\Daniel\Downloads\VideoPad
2016-11-21 22:43 - 2012-01-26 21:45 - 00000000 ____D C:\Users\Daniel\Downloads\Printer Drivers
2016-11-21 19:20 - 2011-03-13 21:41 - 00049086 _____ C:\Users\Daniel\Documents\DanPs.kdbx
2016-11-21 16:28 - 2016-03-03 20:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2016-11-19 23:24 - 2012-11-06 22:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-17 20:17 - 2012-11-20 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-17 20:17 - 2011-04-24 16:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-17 20:17 - 2011-04-24 16:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-17 20:17 - 2011-04-24 16:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-17 20:13 - 2014-01-01 21:42 - 00000000 ____D C:\Program Files\Java
2016-11-17 20:12 - 2014-01-01 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-17 20:11 - 2014-01-01 21:30 - 00000000 ____D C:\ProgramData\Oracle
2016-11-17 20:10 - 2013-03-10 21:25 - 00000000 ____D C:\Users\Daniel\Downloads\Java
2016-11-17 19:33 - 2016-09-17 13:39 - 00000750 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-11-17 19:33 - 2016-09-17 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-11-17 19:19 - 2011-04-24 20:58 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-11-16 22:55 - 2016-05-26 19:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-14 15:53 - 2011-04-24 21:03 - 00002380 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-13 19:47 - 2011-04-24 22:40 - 00000000 ____D C:\Program Files (x86)\Stardock Games
2016-11-13 17:40 - 2016-07-03 13:31 - 00000000 ____D C:\Users\Katie\AppData\Roaming\StardewValley
2016-11-09 20:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 06:55 - 2011-04-24 21:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\Google
2016-11-09 06:50 - 2009-07-13 23:45 - 00341288 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-08 23:13 - 2013-08-13 21:45 - 00000000 ____D C:\Windows\system32\MRT
2016-11-08 23:09 - 2011-04-24 20:59 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 21:55 - 2012-07-15 13:09 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 21:55 - 2012-07-15 13:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 21:55 - 2011-11-19 09:50 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 21:55 - 2011-04-24 20:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2015-09-19 13:32 - 2015-09-19 13:32 - 0002836 _____ () C:\Users\Daniel\AppData\Local\recently-used.xbel
2008-02-05 12:28 - 2008-02-05 12:28 - 0000051 _____ () C:\Users\Daniel\AppData\Local\setup.txt
2014-10-18 21:52 - 2014-11-19 22:58 - 0000156 _____ () C:\Users\Daniel\AppData\Local\vmrWorkAround.log
2011-04-26 23:01 - 2012-11-08 22:28 - 0006629 _____ () C:\ProgramData\hpzinstall.log
2012-12-15 14:25 - 2015-02-16 21:38 - 0009972 _____ () C:\ProgramData\LMADKscan.log
2016-05-27 15:15 - 2016-05-27 15:15 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Administrator\en_res.dll
C:\Users\Administrator\es_res.dll
C:\Users\Administrator\fr_res.dll
C:\Users\Administrator\grm_res.dll
C:\Users\Administrator\it_res.dll
C:\Users\Administrator\jp_res.dll
C:\Users\Administrator\mfc80u.dll
C:\Users\Administrator\msvcr80.dll
C:\Users\Administrator\PCPE Setup.exe
C:\Users\Administrator\pt_res.dll
C:\Users\Administrator\ResourceReader.dll
C:\Users\Administrator\ru_res.dll
C:\Users\Administrator\zh_res.dll
C:\Users\Daniel\xobglu16.dll
C:\Users\Daniel\xobglu32.dll
C:\Users\Public\abv21.exe
C:\Users\Public\h310to14.exe
C:\Users\Public\PS_AIO_06_C309g-m_USW_Full_Win_enu_130_205.exe


Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\_isDA38.exe
C:\Users\Daniel\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Daniel\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Daniel\AppData\Local\Temp\npp.6.7.7.Installer.exe
C:\Users\Daniel\AppData\Local\Temp\npp.6.7.9.2.Installer.exe
C:\Users\Daniel\AppData\Local\Temp\npp.6.8.1.Installer.exe
C:\Users\Daniel\AppData\Local\Temp\RWSCleanup.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\websync_2.8.3.exe
C:\Users\Daniel\AppData\Local\Temp\_isC46A.exe
C:\Users\Daniel\AppData\Local\Temp\_isDA38.exe
C:\Users\Daniel\AppData\Local\Temp\_isFCC8.exe
C:\Users\Daniel\AppData\Local\Temp\{1D3B6702-A700-4779-8B6F-FAFA98BDB146}-36.0.1985.125_35.0.1916.153_chrome_updater.exe
C:\Users\Rebecca\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Rebecca\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Rebecca\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rebecca.Phoenix\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Rebecca.Phoenix\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Rebecca.Phoenix\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:17 AM

Posted 09 December 2016 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Ran by Daniel (ATTENTION: The user is not administrator) on PHOENIX (08-12-2016 18:39:11)

Please run the Farbar tool from an Administrator account.

Post a fresh FRST.log for my review.

#5 SpitzNevus

SpitzNevus
  • Topic Starter

  • Members
  • 22 posts
  • Local time:03:17 AM

Posted 20 December 2016 - 09:39 PM

Thank you for the reply, sorry about the delay in my response. FRST log run as administrator below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by Administrator (administrator) on PHOENIX (20-12-2016 20:29:38)
Running from C:\Users\Daniel\Downloads\Malware Cleaning
Loaded Profiles: Daniel & Administrator (Available Profiles: Daniel & Karya & Rebecca & Mcx1-PHOENIX & Diana & Katie & Haeun & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Adobe Systems Incorporated) E:\Program Files (x86) - S\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Schneider Electric) E:\Program Files (x86) - S\PowerChute\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() E:\Program Files (x86) - S\GPG\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\FitbitConnectService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(AxoNet Software GmbH) C:\Program Files\Windows Home Server\LightsOutClientService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
(SonicWALL, Inc.) E:\Program Files - S\Sonic Wall\SWGVCSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Mikinho) C:\Program Files (x86)\Yammm\YammmSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Schneider Electric) E:\Program Files (x86) - S\PowerChute\dataserv.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(SanDisk Corporation) E:\Users\Daniel\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Polar\WebSync\WebSync.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSTrayApp.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Program Files (x86)\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Schneider Electric) E:\Program Files (x86) - S\PowerChute\apcsystray.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\BackupEngine.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646232 2011-09-26] ()
HKLM-x32\...\Run: [Display] => E:\Program Files (x86) - S\PowerChute\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [Google Update] => C:\Users\Daniel\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [SansaDispatch] => C:\Users\Daniel\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-03-28] (SanDisk Corporation)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [GalaxyClient] => F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClient.exe [3971648 2016-12-20] (GOG.com)
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\MountPoints2: {6dcb437f-6ecc-11e0-b9bd-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [322048 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-3022051664-3807320802-2861752688-500\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-3022051664-3807320802-2861752688-500\...\Run: [Steam] => F:\Program Files (x86) - SSD\Steam\steam.exe [2876704 2016-12-09] (Valve Corporation)
HKU\S-1-5-21-3022051664-3807320802-2861752688-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2014-12-17]
ShortcutTarget: APC UPS Status.lnk -> E:\Program Files (x86) - S\PowerChute\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2015-05-29]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk [2011-04-24]
ShortcutTarget: Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{189DEA4E-7DB8-443A-9155-FD68DD691CE4}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{29674B78-9422-4A91-8195-A4815DD66B08}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{609EA839-6E5B-44D9-9CC1-D15511EA3649}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-3022051664-3807320802-2861752688-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: BrowserHelper Class -> {9A065C65-4EE7-4DDD-9918-F129089A894A} -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ixsef3xc.default [2015-05-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-23] (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @nsroblox.roblox.com/launcher -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-f57d20c466824405\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Daniel\AppData\Local\Roblox\Versions\version-f57d20c466824405\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-500: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-500: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3022051664-3807320802-2861752688-500: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor9.0; E:\Program Files (x86) - S\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 APC Data Service; E:\Program Files (x86) - S\PowerChute\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; E:\Program Files (x86) - S\PowerChute\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-01] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 DAUpdaterSvc; E:\Program Files (x86) - S\SteamLibrary\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-06-30] (BioWare)
R2 DirMngr; E:\Program Files (x86) - S\GPG\GnuPG\dirmngr.exe [218112 2013-08-20] () [File not signed]
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
S3 GalaxyClientService; F:\Program Files (x86) - SSD\GalaxyClient\GalaxyClientService.exe [284224 2016-12-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
R2 LoClntService; C:\Program Files\Windows Home Server\LightsOutClientService.exe [36864 2009-07-03] (AxoNet Software GmbH) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S2 SkypeUpdate; E:\Program Files (x86) - S\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
R2 SWGVCSvc; E:\Program Files - S\Sonic Wall\SWGVCSvc.exe [287016 2012-04-03] (SonicWALL, Inc.)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 YammmSvc; C:\Program Files (x86)\Yammm\YammmSvc.exe [14336 2010-08-03] (Mikinho) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-04] (Citrix Systems, Inc.)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2013-09-02] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RemoteControl-USBLAN; C:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-20 12:45 - 2016-12-20 12:45 - 00000022 _____ C:\Windows\S.dirmngr
2016-12-19 16:39 - 2016-12-19 16:42 - 00000000 ____D C:\Users\Administrator\Documents\Warlords Battlecry III
2016-12-13 22:25 - 2016-12-13 22:25 - 00000000 ____D C:\Users\Daniel\AppData\Local\Chromium
2016-12-13 16:43 - 2016-11-21 13:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-13 16:43 - 2016-11-21 13:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-13 16:43 - 2016-11-21 13:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-13 16:43 - 2016-11-21 13:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-13 16:43 - 2016-11-20 11:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-13 16:43 - 2016-11-20 11:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-13 16:43 - 2016-11-20 11:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-13 16:43 - 2016-11-20 11:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-13 16:43 - 2016-11-20 11:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-13 16:43 - 2016-11-20 11:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-13 16:43 - 2016-11-20 11:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-13 16:43 - 2016-11-20 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-13 16:43 - 2016-11-20 10:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-13 16:43 - 2016-11-20 10:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-13 16:43 - 2016-11-20 10:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-13 16:43 - 2016-11-20 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-13 16:43 - 2016-11-20 10:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-13 16:43 - 2016-11-20 09:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-13 16:43 - 2016-11-17 11:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-13 16:43 - 2016-11-14 18:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-13 16:43 - 2016-11-14 17:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-13 16:43 - 2016-11-12 14:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-13 16:43 - 2016-11-12 14:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-13 16:43 - 2016-11-12 14:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-13 16:43 - 2016-11-12 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-13 16:43 - 2016-11-12 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-13 16:43 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-13 16:43 - 2016-11-12 14:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-13 16:43 - 2016-11-12 14:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-13 16:43 - 2016-11-12 14:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-13 16:43 - 2016-11-12 14:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-13 16:43 - 2016-11-12 14:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-13 16:43 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-13 16:43 - 2016-11-12 14:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-13 16:43 - 2016-11-12 14:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-13 16:43 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-13 16:43 - 2016-11-12 14:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-13 16:43 - 2016-11-12 13:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-13 16:43 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-13 16:43 - 2016-11-12 13:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-13 16:43 - 2016-11-12 13:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-13 16:43 - 2016-11-12 13:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-13 16:43 - 2016-11-12 13:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-13 16:43 - 2016-11-12 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-13 16:43 - 2016-11-12 13:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-13 16:43 - 2016-11-12 13:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-13 16:43 - 2016-11-12 13:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-13 16:43 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-13 16:43 - 2016-11-12 13:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-13 16:43 - 2016-11-12 13:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-13 16:43 - 2016-11-12 13:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-13 16:43 - 2016-11-12 13:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-13 16:43 - 2016-11-12 13:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-13 16:43 - 2016-11-12 13:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-13 16:43 - 2016-11-12 13:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-13 16:43 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-13 16:43 - 2016-11-12 13:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-13 16:43 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-13 16:43 - 2016-11-12 13:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-13 16:43 - 2016-11-12 13:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-13 16:43 - 2016-11-12 13:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-13 16:43 - 2016-11-12 13:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-13 16:43 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-13 16:43 - 2016-11-12 13:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-13 16:43 - 2016-11-12 13:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-13 16:43 - 2016-11-12 13:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-13 16:43 - 2016-11-12 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-13 16:43 - 2016-11-12 12:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-13 16:43 - 2016-11-12 12:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-13 16:43 - 2016-11-12 12:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-13 16:43 - 2016-11-12 12:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-13 16:43 - 2016-11-12 12:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-13 16:43 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-13 16:43 - 2016-11-12 12:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-13 16:43 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-13 16:43 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-13 16:43 - 2016-11-12 12:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-13 16:43 - 2016-11-12 12:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-13 16:43 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-13 16:43 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-13 16:43 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-13 16:43 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-13 16:43 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-13 16:43 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-13 16:43 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-13 16:43 - 2016-11-10 11:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-13 16:43 - 2016-11-10 11:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-13 16:43 - 2016-11-09 11:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-13 16:43 - 2016-11-09 11:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-13 16:43 - 2016-11-09 11:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-13 16:43 - 2016-11-09 11:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-13 16:43 - 2016-11-09 11:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-13 16:43 - 2016-11-09 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-13 16:43 - 2016-11-09 11:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-13 16:43 - 2016-11-09 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-13 16:43 - 2016-11-09 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-13 16:43 - 2016-11-09 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-13 16:43 - 2016-11-09 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-13 16:43 - 2016-11-09 11:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-13 16:43 - 2016-11-09 11:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-13 16:43 - 2016-11-09 10:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-13 16:43 - 2016-11-06 11:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-13 16:43 - 2016-11-06 11:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-13 16:43 - 2016-11-06 11:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-13 16:43 - 2016-10-27 10:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-13 16:43 - 2016-10-27 10:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-13 16:43 - 2016-10-11 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-13 16:43 - 2016-10-11 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-13 16:43 - 2016-10-11 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-13 16:43 - 2016-10-11 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-13 16:43 - 2016-10-11 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-13 16:43 - 2016-10-11 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-13 16:43 - 2016-10-11 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-13 16:43 - 2016-10-11 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-13 16:43 - 2016-10-11 10:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-13 16:43 - 2016-10-11 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-13 16:43 - 2016-10-11 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-13 16:43 - 2016-10-11 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-13 16:43 - 2016-10-11 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-13 16:43 - 2016-10-11 10:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-13 16:43 - 2016-10-11 10:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 10:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-13 16:43 - 2016-10-11 10:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-13 16:43 - 2016-10-11 10:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-13 16:43 - 2016-10-11 09:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-13 16:43 - 2016-10-11 09:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-13 16:43 - 2016-10-11 09:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-13 16:43 - 2016-10-11 09:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-13 16:43 - 2016-10-11 09:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-13 16:43 - 2016-10-11 09:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-13 16:43 - 2016-10-11 09:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-13 16:43 - 2016-10-11 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-13 16:43 - 2016-10-11 09:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 09:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 09:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 09:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-13 16:43 - 2016-10-11 08:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-13 16:43 - 2016-10-11 08:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-13 16:43 - 2016-10-08 08:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-13 16:43 - 2016-10-04 10:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-13 16:43 - 2016-10-04 10:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-13 16:43 - 2016-10-04 10:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-13 16:43 - 2016-10-04 10:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-13 16:43 - 2016-10-04 10:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-13 16:43 - 2016-10-04 10:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-13 16:43 - 2016-10-04 10:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-13 16:43 - 2016-10-04 10:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-03 21:38 - 2016-12-03 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-03 21:38 - 2016-12-03 21:38 - 00000000 ____D C:\Program Files\iTunes
2016-12-03 21:38 - 2016-12-03 21:38 - 00000000 ____D C:\Program Files\iPod
2016-12-03 21:37 - 2016-12-03 21:37 - 00000000 ____D C:\Program Files\Bonjour
2016-12-03 21:37 - 2016-12-03 21:37 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-03 21:35 - 2016-12-03 21:35 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-12-03 21:35 - 2016-12-03 21:35 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-01 23:07 - 2016-12-20 20:29 - 00000000 ____D C:\FRST
2016-12-01 02:18 - 2016-12-01 02:18 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00018088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00018088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2016-12-01 02:18 - 2016-12-01 02:18 - 00018088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00018088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00018088 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2016-12-01 01:37 - 2016-12-01 01:37 - 00018088 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
2016-11-29 16:52 - 2016-11-29 16:52 - 01081336 _____ (ROBLOX Corporation) C:\Users\Katie\Downloads\RobloxPlayerLauncher(1).exe
2016-11-27 22:01 - 2016-12-08 22:31 - 00000000 ____D C:\Users\Daniel\Desktop\Candidate 2016 Photobook Photos
2016-11-21 16:41 - 2016-11-21 16:41 - 00000000 ____D C:\Program Files (x86)\ESET
2016-11-21 16:38 - 2016-11-21 16:38 - 00004745 _____ C:\Users\Administrator\Desktop\JRT.txt
2016-11-21 16:13 - 2016-11-21 23:16 - 00000000 ____D C:\AdwCleaner
2016-11-21 11:25 - 2016-11-21 11:25 - 00042902 _____ C:\Users\Daniel\Downloads\Cassie Durbin Six Week Time  Summary Sept 25 - Nov 5 2016.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-20 20:29 - 2010-06-04 21:35 - 00000000 ____D C:\Users\Daniel\Downloads\Malware Cleaning
2016-12-20 20:23 - 2016-11-17 19:58 - 00000000 ____D C:\Users\Daniel\AppData\LocalLow\Mozilla
2016-12-20 19:55 - 2013-05-20 21:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-20 13:39 - 2016-10-18 17:36 - 00001171 _____ C:\Users\Katie\Desktop\nativelog.txt
2016-12-20 12:53 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-20 12:53 - 2009-07-13 23:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-20 12:52 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-20 12:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-12-20 12:45 - 2016-07-11 09:44 - 00000000 ____D C:\ProgramData\Foxit Software
2016-12-20 12:45 - 2011-05-18 17:18 - 00000000 ____D C:\ProgramData\LightsOut
2016-12-20 12:45 - 2011-04-24 20:58 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-12-20 12:45 - 2011-04-24 16:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-20 12:45 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-19 22:28 - 2011-04-24 21:16 - 00000000 ____D C:\Windows\system32\(System Reserved)
2016-12-19 22:17 - 2016-11-17 20:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-12-19 16:37 - 2013-12-16 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-12-19 16:37 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-16 22:34 - 2014-12-25 00:38 - 00067802 _____ C:\Windows\SysWOW64\PCPELog.txt
2016-12-16 22:27 - 2011-04-30 21:06 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\KeePass
2016-12-16 15:57 - 2011-04-24 21:02 - 00003510 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3022051664-3807320802-2861752688-1000UA
2016-12-16 15:57 - 2011-04-24 21:02 - 00003238 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3022051664-3807320802-2861752688-1000Core
2016-12-16 15:26 - 2016-11-17 19:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 15:26 - 2012-12-06 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 23:08 - 2011-04-24 21:04 - 00774632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-14 19:46 - 2011-04-24 21:03 - 00002380 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 18:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-12-14 16:33 - 2009-07-13 23:45 - 00341288 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-13 23:36 - 2013-08-13 21:45 - 00000000 ____D C:\Windows\system32\MRT
2016-12-13 23:33 - 2011-04-24 20:59 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-13 22:30 - 2011-03-13 21:41 - 00049422 _____ C:\Users\Daniel\Documents\DanPs.kdbx
2016-12-13 22:26 - 2015-02-18 22:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\Steam
2016-12-13 16:55 - 2013-05-20 21:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 16:55 - 2012-07-15 13:09 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 16:55 - 2012-07-15 13:09 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 16:55 - 2011-11-19 09:50 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 16:55 - 2011-04-24 20:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-12 16:15 - 2016-09-25 17:09 - 00001172 _____ C:\Users\Daniel\Desktop\nativelog.txt
2016-12-06 21:43 - 2009-07-14 00:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-03 21:38 - 2012-10-21 19:41 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-03 21:38 - 2011-06-07 21:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-12-03 21:38 - 2011-04-29 23:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-03 21:35 - 2011-04-29 23:22 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-01 22:02 - 2010-03-08 23:02 - 00000000 ____D C:\Users\Daniel\Documents\Dermatology Associates
2016-11-30 19:47 - 2012-04-14 18:07 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\.minecraft
2016-11-30 19:21 - 2011-04-24 21:04 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-30 19:21 - 2011-04-24 21:04 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-30 19:20 - 2012-04-24 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-30 19:20 - 2011-04-24 21:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-29 16:55 - 2016-10-18 17:36 - 00000000 ____D C:\Users\Katie\AppData\Roaming\.minecraft
2016-11-29 16:52 - 2016-11-17 19:41 - 00000000 ____D C:\Users\Katie\AppData\LocalLow\Mozilla
2016-11-29 16:50 - 2015-02-09 16:42 - 00001351 _____ C:\Users\Katie\Desktop\ROBLOX Player.lnk
2016-11-29 16:50 - 2015-02-09 16:42 - 00001170 _____ C:\Users\Katie\Desktop\ROBLOX Studio.lnk
2016-11-29 16:50 - 2015-02-09 16:42 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-11-22 20:34 - 2011-04-24 17:29 - 00000000 ____D C:\Users\Administrator
2016-11-21 22:43 - 2013-06-08 11:35 - 00000000 ____D C:\Users\Daniel\Downloads\VideoPad
2016-11-21 22:43 - 2012-01-26 21:45 - 00000000 ____D C:\Users\Daniel\Downloads\Printer Drivers
2016-11-21 16:28 - 2016-03-03 20:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2011-04-26 23:01 - 2012-11-08 22:28 - 0006629 _____ () C:\ProgramData\hpzinstall.log
2012-12-15 14:25 - 2015-02-16 21:38 - 0009972 _____ () C:\ProgramData\LMADKscan.log
2016-05-27 15:15 - 2016-05-27 15:15 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Administrator\en_res.dll
C:\Users\Administrator\es_res.dll
C:\Users\Administrator\fr_res.dll
C:\Users\Administrator\grm_res.dll
C:\Users\Administrator\it_res.dll
C:\Users\Administrator\jp_res.dll
C:\Users\Administrator\mfc80u.dll
C:\Users\Administrator\msvcr80.dll
C:\Users\Administrator\PCPE Setup.exe
C:\Users\Administrator\pt_res.dll
C:\Users\Administrator\ResourceReader.dll
C:\Users\Administrator\ru_res.dll
C:\Users\Administrator\zh_res.dll
C:\Users\Daniel\xobglu16.dll
C:\Users\Daniel\xobglu32.dll
C:\Users\Public\abv21.exe
C:\Users\Public\h310to14.exe
C:\Users\Public\PS_AIO_06_C309g-m_USW_Full_Win_enu_130_205.exe


Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Administrator\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Administrator\AppData\Local\Temp\install_flashplayer11x32au_mssd_aih.exe
C:\Users\Administrator\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Administrator\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Administrator\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Administrator\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Administrator\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Administrator\AppData\Local\Temp\nvStInst.exe
C:\Users\Administrator\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\Administrator\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Dan\AppData\Local\Temp\_isDA38.exe
C:\Users\Daniel\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Daniel\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Daniel\AppData\Local\Temp\npp.6.7.7.Installer.exe
C:\Users\Daniel\AppData\Local\Temp\npp.6.7.9.2.Installer.exe
C:\Users\Daniel\AppData\Local\Temp\npp.6.8.1.Installer.exe
C:\Users\Daniel\AppData\Local\Temp\RWSCleanup.dll
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Daniel\AppData\Local\Temp\websync_2.8.3.exe
C:\Users\Daniel\AppData\Local\Temp\_isC46A.exe
C:\Users\Daniel\AppData\Local\Temp\_isDA38.exe
C:\Users\Daniel\AppData\Local\Temp\_isFCC8.exe
C:\Users\Daniel\AppData\Local\Temp\{1D3B6702-A700-4779-8B6F-FAFA98BDB146}-36.0.1985.125_35.0.1916.153_chrome_updater.exe
C:\Users\Diana\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Diana\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Diana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Guest\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Guest\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Guest\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Haeun\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Haeun\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Katie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rebecca\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Rebecca\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Rebecca\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rebecca.Phoenix\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Rebecca.Phoenix\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Rebecca.Phoenix\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-14 18:23

==================== End of FRST.txt ============================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:17 AM

Posted 21 December 2016 - 08:53 AM

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7

It may have been enabled by now. Check it out.
===

This was reported in your Dated Addition.txt file.
Check "winmgmt" service or repair WMI.
I'm listing it here for reference only for now.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [Google Update] => C:\Users\Daniel\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3022051664-3807320802-2861752688-500\...\Run: [GalaxyClient] => [X]
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

ADOBE SHOCKWAVE

Navigate to this page and follow the instructions to get the latest version.
https://www.adobe.com/shockwave/welcome/

=====

Remove these old versions via the Control Panel > Programs > Programs and Features.
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
==

Please post the Fixlog.txt and let me know what problem persists with this computer.

#7 SpitzNevus


Posted 22 December 2016 - 07:44 AM

Thank you for your help.

 

I don't have system restore running because my computer is backed up to a Windows Home Server each night. Do I still need an active system restore?

 

Fixlog.txt follows:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Daniel (21-12-2016 23:10:58) Run:1
Running from C:\Users\Daniel\Downloads\Malware Cleaning
Loaded Profiles: Daniel (Available Profiles: Daniel & Karya & Rebecca & Mcx1-PHOENIX & Diana & Katie & Haeun & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\...\Run: [Google Update] => C:\Users\Daniel\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3022051664-3807320802-2861752688-500\...\Run: [GalaxyClient] => [X]
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3022051664-3807320802-2861752688-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

Reboot:

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value could not remove.
HKU\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
 



#8 nasdaq


Posted 22 December 2016 - 09:41 AM



I don't have system restore running because my computer is backed up to a Windows Home Server each night. Do I still need an active system restore?


If it's working, NO!

===

Any remaining issues?

#9 SpitzNevus


Posted 22 December 2016 - 08:37 PM

I continue to have the Minecraft issue. The other two issues occur randomly, so I will have to wait and see if they also continue to occur.



#10 nasdaq


Posted 23 December 2016 - 08:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
===

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#11 SpitzNevus

Posted 23 December 2016 - 10:51 PM

I appreciate your persistence in working this issue. Thank you for your time and expertise.

 

Fixlog.txt below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Administrator (23-12-2016 22:45:59) Run:2
Running from C:\Users\Daniel\Downloads\Malware Cleaning
Loaded Profiles: Daniel & Administrator (Available Profiles: Daniel & Karya & Rebecca & Mcx1-PHOENIX & Diana & Katie & Haeun & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b4c9:3864:c731:9eae%11
   Default Gateway . . . . . . . . . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{29674B78-9422-4A91-8195-A4815DD66B08}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b4c9:3864:c731:9eae%11
   IPv4 Address. . . . . . . . . . . : 192.168.2.254
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{29674B78-9422-4A91-8195-A4815DD66B08}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv4 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {A2FD3206-D8CD-423E-A0BE-CE63BE6A140F}.
Unable to cancel {6F5D2101-9462-4753-8C03-0887F0FFBF52}.
Unable to cancel {B4A8FA58-E1A0-4410-B501-E36DB5381922}.
Unable to cancel {DF744E4C-0392-4C7A-B88F-2328A3892D3B}.
Unable to cancel {591B4DB5-51F1-4054-96B6-6E56969D9327}.
Unable to cancel {793C2286-60EA-458A-AE6B-B2451C91478C}.
Unable to cancel {13D211CC-9F22-4219-AE8D-EE7287CBCC44}.
0 out of 7 jobs canceled.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 22:46:08 ====



#12 SpitzNevus

Posted 23 December 2016 - 11:30 PM

RogueReport.txt:

 

RogueKiller V12.8.6.0 (x64) [Dec 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/23/2016 22:55:40 (Duration : 00:27:12)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-500\Software\Microsoft\Windows\CurrentVersion\RunOnce | Report : \AdwCleaner\AdwCleaner[C0].txt [-] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\RK_Rebecca_ON_E_B9A0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\RK_Rebecca_ON_E_B9A0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSA2CW160G3 +++++
--- User ---
[MBR] fc4b0ac3b2cb79738f28e48520128c6b
[BSP] cb1d83e1a78ea64572d88ec08dbee92c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: OCZ-TRION150 +++++
--- User ---
[MBR] 8193d9c95501789e1e779c4e505ca828
[BSP] 8079394a7115f5ce3f14527ab65cfec0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 457860 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD1002FAEX-00Z3A0 +++++
--- User ---
[MBR] 2cadc32a6294cbd278187ed890653111
[BSP] 13a6553f1d750c944d0a9e8b1fd4157d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 



#13 nasdaq

Posted 24 December 2016 - 08:57 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

===

If the problem persists, let's check what these jobs are. Nothing is found in Google.
 

Unable to cancel {A2FD3206-D8CD-423E-A0BE-CE63BE6A140F}.
Unable to cancel {6F5D2101-9462-4753-8C03-0887F0FFBF52}.
Unable to cancel {B4A8FA58-E1A0-4410-B501-E36DB5381922}.
Unable to cancel {DF744E4C-0392-4C7A-B88F-2328A3892D3B}.
Unable to cancel {591B4DB5-51F1-4054-96B6-6E56969D9327}.
Unable to cancel {793C2286-60EA-458A-AE6B-B2451C91478C}.
Unable to cancel {13D211CC-9F22-4219-AE8D-EE7287CBCC44}.
0 out of 7 jobs canceled.


Please run the Farbar Recovery Scan Tool. Enter A2FD3206-D8CD-423E-A0BE-CE63BE6A140F;6F5D2101-9462-4753-8C03-0887F0FFBF52;{B4A8FA58-E1A0-4410-B501-E36DB5381922;DF744E4C-0392-4C7A-B88F-2328A3892D3B;591B4DB5-51F1-4054-96B6-6E56969D9327;793C2286-60EA-458A-AE6B-B2451C91478C;13D211CC-9F22-4219-AE8D-EE7287CBCC44
in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.
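
The step in the post above, going from the bitsadmin section of a Fixlog to a registry search string, written out as an added example (it is not part of the original post and is not FRST code). The function names are hypothetical, the sample log is a constructed excerpt in the Fixlog layout shown in this thread, and the semicolon-separated search format is assumed from the post.

```python
import re

# Constructed sample: a short excerpt in the Fixlog.txt layout posted in this
# thread. The two job IDs are taken from the thread; the job count is made up.
SAMPLE_FIXLOG = """\
========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ipv4 reset =========

There's no user specified settings to be reset.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========

Unable to cancel {A2FD3206-D8CD-423E-A0BE-CE63BE6A140F}.
Unable to cancel {6F5D2101-9462-4753-8C03-0887F0FFBF52}.
0 out of 2 jobs canceled.

========= End of CMD: =========
"""

# A section header is '========= <text> ========='. The text must not start
# with '=' so that a plain rule line of '=' characters is not taken as one.
SECTION_RE = re.compile(r"^=========\s*(?P<cmd>[^=\s].*?)\s*=========\s*$")
GUID_RE = re.compile(
    r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
COUNT_RE = re.compile(r"(\d+) out of (\d+) jobs canceled")
END_MARK = "End of CMD:"


def split_sections(text):
    """Return [(command, [non-empty output lines])] for each CMD section."""
    sections, current, lines = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            # Either an 'End of CMD:' marker or the next command header:
            # both close whatever section is currently open.
            if current is not None:
                sections.append((current, lines))
            name = m.group("cmd")
            current, lines = (None, []) if name == END_MARK else (name, [])
        elif current is not None and line:
            lines.append(line)
    if current is not None:  # log truncated before the closing marker
        sections.append((current, lines))
    return sections


def uncancelled_bits_jobs(sections):
    """Job IDs from 'Unable to cancel {GUID}.' lines, in order, de-duplicated."""
    found = []
    for cmd, lines in sections:
        if not cmd.lower().startswith("bitsadmin"):
            continue
        for line in lines:
            if line.startswith("Unable to cancel"):
                found.extend(g.upper() for g in GUID_RE.findall(line))
    return list(dict.fromkeys(found))


def bits_cancel_summary(sections):
    """(cancelled, total) from the bitsadmin summary line, or None if absent."""
    for cmd, lines in sections:
        if cmd.lower().startswith("bitsadmin"):
            for line in lines:
                m = COUNT_RE.search(line)
                if m:
                    return int(m.group(1)), int(m.group(2))
    return None


def commands_needing_reboot(sections):
    """Commands whose output says a restart is required to finish the reset."""
    return [cmd for cmd, lines in sections
            if any("restart the computer" in l.lower() for l in lines)]


def frst_search_string(guids):
    """Join job IDs without braces, separated by ';' as in the post above."""
    return ";".join(guids)


if __name__ == "__main__":
    secs = split_sections(SAMPLE_FIXLOG)
    print("BITS summary:", bits_cancel_summary(secs))
    print("Reboot pending for:", commands_needing_reboot(secs))
    print("Search string:", frst_search_string(uncancelled_bits_jobs(secs)))
```

Building the string from the log rather than by hand keeps every ID in the same brace-free form, so a stray character cannot make one of the searches miss.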

#14 SpitzNevus

Posted 24 December 2016 - 11:49 AM

The Zoek tool crashed and continually restarted, requiring a reboot to terminate. It crashed with the following error message:

 

An error has occurred in the script on this page.

Line: 68

Char: 6

Error: Path not found

Code: 0

URL: file:///C:/Users/ADMINI~1/AppData/Local/Temp/zoekrun.hta

 

The zoek-results.log was generated, and follows:

 

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Administrator on Sat 12/24/2016 at  9:47:36.32.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Daniel\Downloads\Malware Cleaning\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/24/2016 9:55:31 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\LibreOffice 3.5 deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Stardock deleted successfully
C:\PROGRA~3\lx_CATS deleted successfully
C:\Users\Administrator\AppData\Roaming\GameMaker-Studio deleted successfully
C:\Users\Administrator\AppData\Roaming\gnupg deleted successfully
C:\Users\Administrator\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Daniel\AppData\Roaming\Logitech deleted successfully
C:\Users\Daniel\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Diana\AppData\Roaming\Windows Home Server deleted successfully
C:\Users\Guest\AppData\Roaming\Windows Home Server deleted successfully
C:\Users\Haeun\AppData\Roaming\TuxPaint deleted successfully
C:\Users\Haeun\AppData\Roaming\Windows Home Server deleted successfully
C:\Users\Rebecca\AppData\Roaming\Windows Home Server deleted successfully
C:\Users\Rebecca.Phoenix-old\AppData\Roaming\Apple Computer deleted successfully
C:\Users\Dan\AppData\Local\VirtualStore deleted successfully
C:\Users\Daniel\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Daniel\AppData\Local\EmieSiteList deleted successfully
C:\Users\Daniel\AppData\Local\EmieUserList deleted successfully
C:\Users\Diana\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Diana\AppData\Local\EmieSiteList deleted successfully
C:\Users\Diana\AppData\Local\EmieUserList deleted successfully
C:\Users\Diana\AppData\Local\VirtualStore deleted successfully
C:\Users\Guest\AppData\Local\{1BC2F88F-DB16-4EF7-B5A1-DD8A804348A8} deleted successfully
C:\Users\Haeun\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Haeun\AppData\Local\EmieSiteList deleted successfully
C:\Users\Haeun\AppData\Local\EmieUserList deleted successfully
C:\Users\Katie\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Katie\AppData\Local\EmieSiteList deleted successfully
C:\Users\Katie\AppData\Local\EmieUserList deleted successfully
C:\Users\Mcx1-PHOENIX\AppData\Local\VirtualStore deleted successfully
C:\Users\Rebecca\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Rebecca\AppData\Local\EmieSiteList deleted successfully
C:\Users\Rebecca\AppData\Local\EmieUserList deleted successfully
C:\Users\Rebecca\AppData\Local\VirtualStore deleted successfully
C:\Users\Rebecca.Phoenix-old\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E422264-6D8A-4ca0-97C7-A2CF868471EA} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34A21F61-6228-4D8E-A152-DB4107E5A04E} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357AF2A0-D16A-4187-A8EB-F24C36E52EE8} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5981CE34-0BA2-402D-B24A-9EB84FB636AD} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D727EAB-AC4F-43D1-B722-19E42D2E9F9A} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6558B1EE-13AC-45D9-8C25-228A254E7BD8} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E71F2DF-664B-4828-9A25-B18B43BDBCFA} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A58D52D2-CAE1-4665-A8EC-0D7C1DE4F18D} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9D3EF81-8E6D-40E1-8537-B5CDC24B2D1D} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABBAB788-CF6D-4350-90AF-5BED73738797} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBC0E7EE-45B3-4545-A743-6944BB91D5CB} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB28DBE7-229E-4EB0-9754-15D688B61B2B} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6D5CBD4-6521-4FED-AD5A-B8F6FEDE816A} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8FFC856-33CD-45B4-916B-CC424297EC22} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA1D9038-67C4-49E0-BCBE-6E06BBAFCA23} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E109E53A-1591-43D0-9179-4624B7831B97} deleted successfully
HKEY_USERS\S-1-5-21-3022051664-3807320802-2861752688-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8E46F9A-F693-4075-AC99-4FE1AC458AB2} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ixsef3xc.default\prefs.js:

Added to C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ixsef3xc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.cnn.com/|http://slashdot.org/|http://www.facebook.com/home.php|https://mail.google.com/mail/?shva=1#inbox");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename.US", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\k01nejoi.default\prefs.js:

Added to C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\k01nejoi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\zhjiwni8.default\prefs.js:
user_pref("browser.search.selectedEngine", "Bing");

Added to C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\zhjiwni8.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\szabs44x.default\prefs.js:

Added to C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\szabs44x.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Guest\AppData\Roaming\Thunderbird\Profiles\nns9lhsd.default\prefs.js:

Added to C:\Users\Guest\AppData\Roaming\Thunderbird\Profiles\nns9lhsd.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Haeun\AppData\Roaming\Mozilla\Firefox\Profiles\7687uz6p.default\prefs.js:

Added to C:\Users\Haeun\AppData\Roaming\Mozilla\Firefox\Profiles\7687uz6p.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Karya\AppData\Roaming\Mozilla\Firefox\Profiles\dmqd74a6.default\prefs.js:

Added to C:\Users\Karya\AppData\Roaming\Mozilla\Firefox\Profiles\dmqd74a6.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\2f5ad397.default\prefs.js:

Added to C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\2f5ad397.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\qhd6tfya.default-1479588848492\prefs.js:

Added to C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\qhd6tfya.default-1479588848492\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Rebecca\AppData\Roaming\Thunderbird\Profiles\i756vttt.default\prefs.js:

Added to C:\Users\Rebecca\AppData\Roaming\Thunderbird\Profiles\i756vttt.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\REBECC~2.PHO\AppData\Roaming\Mozilla\Firefox\Profiles\qhd6tfya.default-1479588848492\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\REBECC~2.PHO\AppData\Roaming\Mozilla\Firefox\Profiles\qhd6tfya.default-1479588848492\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\REBECC~2.PHO\AppData\Roaming\Thunderbird\Profiles\i756vttt.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\REBECC~2.PHO\AppData\Roaming\Thunderbird\Profiles\i756vttt.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ixsef3xc.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\k01nejoi.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("mail.identity.id2.archive_folder", "imap://wendelindaniel@imap.mail.yahoo.com/Archives");
user_pref("mail.identity.id2.draft_folder", "imap://wendelindaniel@imap.mail.yahoo.com/Drafts");
user_pref("mail.identity.id2.fcc_folder", "imap://wendelindaniel@imap.mail.yahoo.com/Sent");
user_pref("mail.identity.id2.stationery_folder", "imap://wendelindaniel@imap.mail.yahoo.com/Templates");
user_pref("mail.identity.id2.useremail", "wendelindaniel@yahoo.com");
user_pref("mail.last_msg_movecopy_target_uri", "imap://wendelindaniel@imap.mail.yahoo.com/INBOX");
user_pref("mail.server.server3.directory-rel", "[ProfD]ImapMail/imap.mail.yahoo.com");
user_pref("mail.server.server3.directory", "C:\\Users\\Daniel\\AppData\\Roaming\\Thunderbird\\Profiles\\k01nejoi.default\\ImapMail\\imap.mail.yahoo.co
user_pref("mail.server.server3.hostname", "imap.mail.yahoo.com");
user_pref("mail.server.server3.name", "wendelindaniel@yahoo.com");
user_pref("mail.server.server3.spamActionTargetAccount", "imap://wendelindaniel@imap.mail.yahoo.com");
user_pref("mail.smtpserver.smtp2.description", "Yahoo Mail");
user_pref("mail.smtpserver.smtp2.hostname", "smtp.mail.yahoo.com");
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\zhjiwni8.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\szabs44x.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Guest\AppData\Roaming\Thunderbird\Profiles\nns9lhsd.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Haeun\AppData\Roaming\Mozilla\Firefox\Profiles\7687uz6p.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.uitour.treatment.srch-chg-treatment", "firstrun_yahooDefault");
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Karya\AppData\Roaming\Mozilla\Firefox\Profiles\dmqd74a6.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\2f5ad397.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\qhd6tfya.default-1479588848492

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\Rebecca\AppData\Roaming\Thunderbird\Profiles\i756vttt.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20161224_1019_.backup

ProfilePath: C:\Users\REBECC~2.PHO\AppData\Roaming\Mozilla\Firefox\Profiles\qhd6tfya.default-1479588848492

user.js not found
---- FireFox user.js and prefs.js backups ----


ProfilePath: C:\Users\REBECC~2.PHO\AppData\Roaming\Thunderbird\Profiles\i756vttt.default

user.js not found
---- FireFox user.js and prefs.js backups ----


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\LibreOffice 3.5 not found
C:\Users\Administrator\en_res.dll deleted
C:\Users\Administrator\es_res.dll deleted
C:\Users\Administrator\fr_res.dll deleted
C:\Users\Administrator\grm_res.dll deleted
C:\Users\Administrator\it_res.dll deleted
C:\Users\Administrator\jp_res.dll deleted
C:\Users\Administrator\mfc80u.dll deleted
C:\Users\Administrator\msvcr80.dll deleted
C:\Users\Administrator\pt_res.dll deleted
C:\Users\Administrator\ResourceReader.dll deleted
C:\Users\Administrator\ru_res.dll deleted
C:\Users\Administrator\zh_res.dll deleted
C:\PROGRA~3\LightsOut deleted
C:\PROGRA~3\{2AF57608-1A2D-4614-A0EB-2CFA2935EBA9} deleted
C:\PROGRA~3\{721AAEE4-1FF4-4710-98F6-9EC88B4A7BC5} deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Daniel\AppData\Local\vmrWorkAround.log deleted
C:\Users\Diana\AppData\Local\Unity deleted
C:\Users\Katie\AppData\Local\Unity deleted
C:\Users\Rebecca\AppData\Local\Unity deleted
C:\Users\Public\abv21.exe deleted
C:\Users\Public\h310to14.exe deleted
C:\Users\Public\PS_AIO_06_C309g-m_USW_Full_Win_enu_130_205.exe deleted
C:\Users\Diana\AppData\LocalLow\Unity deleted
C:\Users\Katie\AppData\LocalLow\Unity deleted
C:\Users\Rebecca\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Administrator\PCPE Setup.exe deleted
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default\extensions\artur.dubovoy@gmail.com deleted

==== Orphaned Tasks deleted from Registry ======================

NCH Software\DebutSevenDays deleted
NCH Software\PrismReminder deleted
NCH Software\WavePadSevenDays deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ixsef3xc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\v4992utb.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\k01nejoi.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\zhjiwni8.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\szabs44x.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Guest\AppData\Roaming\Thunderbird\Profiles\nns9lhsd.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Haeun\AppData\Roaming\Mozilla\Firefox\Profiles\7687uz6p.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Karya\AppData\Roaming\Mozilla\Firefox\Profiles\dmqd74a6.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\2f5ad397.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\qhd6tfya.default-1479588848492
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Rebecca\AppData\Roaming\Thunderbird\Profiles\i756vttt.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\REBECC~2.PHO\AppData\Roaming\Mozilla\Firefox\Profiles\qhd6tfya.default-1479588848492
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\REBECC~2.PHO\AppData\Roaming\Thunderbird\Profiles\i756vttt.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 



#15 SpitzNevus

Posted 24 December 2016 - 11:55 AM

The Steam problem may be fixed, but I'm not sure, as the formatting seems to go haywire a variable length of time after the htmlcache steam folder has been deleted.

Thunderbird is not currently generating errors, but again, that problem seems to come and go.

Minecraft will still not connect to the server.

Will investigate those jobs with FRST and post this evening.

Thanks again for your help.





