
Typing issues and Word 2013 errors, are they connected?


77 replies to this topic

#1 Cooncatz

Posted 24 January 2017 - 02:57 PM

Hello, and thanks for reading. I cannot figure out what is going on and give up! 

 

1. Just typing the title was brutal. At odd times, the letters are spotty and will shoot out several of the same ex: ssssss, or skip some. This is the entire PC including Word. I ran Malwarebytes and uncovered nothing. Tigzy only found a couple of PUMS.  

2. Word has incessant "not responding" errors. It usually gives me the spinning circle and then I can work, but it repeats it seemingly every other time I make a move. Sometimes the screen goes black before letting me resume, which is a new development. Any fixes tried did nothing. It's not the "acceleration" as that box was checked. Drivers are updated. 

3. Keep getting Windows 10 Driver Optimizer pop-ups. 

 

This is painful! I simply cannot type for random portions of the day. LIKE NOW. And the Word issue is killing my time. I work at home, and this is horrific. Please help! TIA! 

-----------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Janet's (administrator) on JANETS-PC (24-01-2017 11:31:16)
Running from C:\Users\Janet's\Downloads
Loaded Profiles: Janet's (Available Profiles: Janet's & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google, Inc) C:\Users\Janet's\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\mcafee\MAT\McP2640.tmp
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\4.0.3031.2\mcupdatemgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McU34AD.tmp
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\Janet's\Downloads\HijackThis.exe
(Trend Micro Inc.) C:\Users\Janet's\Downloads\HijackThis (1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [PAC7311_Monitor] => C:\WINDOWS\PixArt\PAC7311\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1240680 2016-11-02] (Carbonite, Inc.)
HKLM-x32\...\Run: [MyBackupPC] => C:\Users\Janet's\Desktop\MyBackupPC\mybackuppc.exe [170791 2015-11-02] (Rerware LLC)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-01-03] (Siber Systems)
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [Google Update] => C:\Users\Janet's\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [MusicManager] => C:\Users\Janet's\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-01] (Google Inc.)
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [Upwork] => C:\Program Files (x86)\Upwork\upwork.exe [2267912 2016-08-19] ()
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [Zoom] => 0
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [GoogleChromeAutoLaunch_20B52F62C31CBE7EB2A4792C20CAF95F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-07] (Google Inc.)
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [Google Photos Backup] => C:\Users\Janet's\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-11-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-11-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-11-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-11-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-11-02] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-11-02] (Carbonite, Inc.)
Startup: C:\Users\Janet's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61 192.168.1.1
Tcpip\..\Interfaces\{9c783aa0-8ec3-4ea4-9d19-922160841927}: [DhcpNameServer] 209.18.47.62 209.18.47.61 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=UP62
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000 -> DefaultScope {A05DA0B8-D435-447C-818A-3E5D5BF7C11E} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US91036D20151102&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000 -> {37F789F9-4256-40F3-B0A8-8C6B7651E9D7} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000 -> {A05DA0B8-D435-447C-818A-3E5D5BF7C11E} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US91036D20151102&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000 -> {B6BDA51E-3F78-4800-8BC7-FD75E4AAEA41} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-01-03] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-12] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-12] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-01-03] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-12] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-12] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-01-03] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-01-03] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-01-03] (Siber Systems Inc.)
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} hxxps://col430-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1489842893
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-06-13] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-06-13] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-06-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-06-13] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903 [2017-01-13]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903 -> Secure Search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903 -> Secure Search
FF Homepage: Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903 -> hxxps://www.yahoo.com/
FF Extension: (Grammarly for Firefox) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2017-01-13]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\artur.dubovoy@gmail.com [2017-01-11]
FF Extension: (Ghostery) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\firefox@ghostery.com.xpi [2016-11-29]
FF Extension: (Webmail Ad Blocker) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\gmailnoads@mywebber.com.xpi [2016-09-17]
FF Extension: (LastPass) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\support@lastpass.com [2017-01-13]
FF Extension: (Flashblock) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-04]
FF Extension: (Flash Block) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2016-04-27]
FF Extension: (Flash and Video Download) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-11-02]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-12-18]
FF SearchPlugin: C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\searchplugins\McSiteAdvisor.xml [2016-03-01]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: (RoboForm Toolbar for Firefox) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-01-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-01-25] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-24] [not signed]
FF HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-05-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-12] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin64.dll [2014-11-03] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-12] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3941794247-3169808309-3500582986-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Janet's\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-10] (Citrix Online)
FF Plugin HKU\S-1-5-21-3941794247-3169808309-3500582986-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Janet's\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-11-15] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-3941794247-3169808309-3500582986-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3941794247-3169808309-3500582986-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3941794247-3169808309-3500582986-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Janet's\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-05-09] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.yahoo.com/
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US91036D20151102&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default [2017-01-24]
CHR Extension: (Google Slides) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-19]
CHR Extension: (Google Docs) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-19]
CHR Extension: (Google Drive) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-01-24]
CHR Extension: (Google Search) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-02-25]
CHR Extension: (Google Sheets) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-19]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-13]
CHR Extension: (Google Docs Offline) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Hide My AdBlocker) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihcngphjjankfngmgdkihhngndcdflc [2016-05-17]
CHR Extension: (Pinterest Save Button) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-02]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-01-07]
CHR Extension: (Grammarly for Chrome) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-01-23]
CHR Extension: (Coupons at Checkout) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2017-01-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-01]
CHR Extension: (Office Online) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2016-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0173401485261274mcinstcleanup; C:\WINDOWS\TEMP\017340~1.EXE [1027864 2016-11-28] (McAfee, Inc.)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10963864 2016-01-27] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-06-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [351744 2015-09-09] (Wondershare) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 DDDriver; C:\WINDOWS\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-25] (Emsisoft Ltd)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
U3 mfeaack01; no ImagePath
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
U3 mfehidk01; no ImagePath
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 PAC7311; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [602624 2007-01-11] (PixArt Imaging Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-15] (Realtek                                            )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-24 11:31 - 2017-01-24 11:32 - 00037271 _____ C:\Users\Janet's\Downloads\FRST.txt
2017-01-24 11:30 - 2017-01-24 11:31 - 00000000 ____D C:\FRST
2017-01-24 11:30 - 2017-01-24 11:30 - 02420736 _____ (Farbar) C:\Users\Janet's\Downloads\FRST64.exe
2017-01-24 11:08 - 2017-01-24 11:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Janet's\Downloads\HijackThis (1).exe
2017-01-24 11:07 - 2017-01-24 11:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Janet's\Downloads\HijackThis.exe
2017-01-23 17:13 - 2017-01-23 17:13 - 00000124 _____ C:\Users\Janet's\Desktop\BSCA Member Portal - Member Center.url
2017-01-20 11:54 - 2017-01-20 11:54 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-01-20 11:53 - 2017-01-20 11:54 - 34741672 _____ (Adlice Software ) C:\Users\Janet's\Downloads\setup (8).exe
2017-01-20 11:50 - 2017-01-20 11:51 - 00095876 _____ C:\TDSSKiller.3.1.0.12_20.01.2017_11.50.50_log.txt
2017-01-20 11:50 - 2017-01-20 11:50 - 04656523 _____ C:\Users\Janet's\Downloads\tdsskiller (2).zip
2017-01-20 11:50 - 2017-01-20 11:50 - 00000354 _____ C:\TDSSKiller.2.8.15.0_20.01.2017_11.50.18_log.txt
2017-01-20 10:34 - 2017-01-20 10:34 - 00000085 _____ C:\Users\Janet's\Desktop\Sterling Silver Rings - Wholesale Silver Rings for Cheap.url
2017-01-19 16:20 - 2017-01-19 16:20 - 00000000 ___HD C:\OneDriveTemp
2017-01-19 09:53 - 2017-01-19 09:53 - 00000134 _____ C:\Users\Janet's\Desktop\Kettlebell Metric System - Convert Kiligrams to Pounds.url
2017-01-18 13:49 - 2017-01-18 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-18 13:49 - 2017-01-18 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-18 10:33 - 2017-01-18 10:59 - 25947720 _____ C:\Users\Janet's\Downloads\RogueKillerX64 (3).exe
2017-01-18 10:08 - 2017-01-18 13:19 - 00000000 ____D C:\Users\Janet's\Desktop\EDITING COURSE
2017-01-18 08:45 - 2017-01-18 08:45 - 00000066 _____ C:\Users\Janet's\Desktop\Get the Hemingway Editor for Mac and PC.url
2017-01-18 08:11 - 2017-01-18 08:11 - 00000059 _____ C:\Users\Janet's\Desktop\Slick Write - Proofread online - Check your grammar and more.url
2017-01-18 08:11 - 2017-01-18 08:11 - 00000048 _____ C:\Users\Janet's\Desktop\Free Online Grammar Check and Proofreader.url
2017-01-16 14:44 - 2017-01-16 14:44 - 00000110 _____ C:\Users\Janet's\Desktop\Keyboard not working in chrome (intermittent problem) - Acer - Laptop Tech Support.url
2017-01-15 08:50 - 2017-01-15 08:50 - 00000061 _____ C:\Users\Janet's\Desktop\Subscribe to Study.com.url
2017-01-15 08:46 - 2017-01-15 08:46 - 00000106 _____ C:\Users\Janet's\Desktop\Where Can I Find Free Online Editing Courses-.url
2017-01-15 08:25 - 2017-01-15 08:25 - 00000134 _____ C:\Users\Janet's\Desktop\Top Rated Perk- Feedback Removal – Upwork Help Center.url
2017-01-14 10:09 - 2017-01-14 10:09 - 07174035 _____ C:\Users\Janet's\Downloads\BIM Model Audit Report for FM (Final) - JD edit.pptx
2017-01-14 07:42 - 2017-01-14 07:42 - 07167599 _____ C:\Users\Janet's\Downloads\BIM Model Audit Report for FM (Final).pptx
2017-01-11 16:06 - 2017-01-11 16:07 - 00084459 _____ C:\Users\Janet's\Downloads\2016-12-16-statements-5536.pdf
2017-01-11 15:50 - 2017-01-11 15:51 - 00000000 ___RD C:\Users\Janet's\Documents\Scanned Documents
2017-01-11 15:50 - 2017-01-11 15:50 - 00000000 ____D C:\Users\Janet's\Documents\Fax
2017-01-11 12:46 - 2017-01-11 12:46 - 00000089 _____ C:\Users\Janet's\Desktop\Become a Pinterest VA TODAY! – Horkey Handbook Courses.url
2017-01-11 11:22 - 2017-01-11 11:22 - 00000131 _____ C:\Users\Janet's\Desktop\Microsoft Word - Home-Made Orchid Remedies and Treatments.doc.url
2017-01-10 13:30 - 2016-12-20 21:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 13:30 - 2016-12-20 21:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 13:30 - 2016-12-20 21:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 13:30 - 2016-12-20 21:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 13:30 - 2016-12-20 21:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 13:30 - 2016-12-20 21:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 13:30 - 2016-12-20 21:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 13:30 - 2016-12-20 21:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 13:30 - 2016-12-20 21:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 13:30 - 2016-12-20 21:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 13:30 - 2016-12-20 20:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 13:30 - 2016-12-20 20:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 13:30 - 2016-12-20 20:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 13:30 - 2016-12-20 20:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 13:30 - 2016-12-20 20:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 13:30 - 2016-12-20 20:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 13:30 - 2016-12-20 20:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 13:30 - 2016-12-20 20:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 13:30 - 2016-12-20 20:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 13:30 - 2016-12-20 20:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 13:30 - 2016-12-20 20:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 13:30 - 2016-12-20 20:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 13:30 - 2016-12-20 20:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 13:30 - 2016-12-20 20:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 13:30 - 2016-12-20 20:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 13:30 - 2016-12-20 20:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 13:30 - 2016-12-20 20:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 13:30 - 2016-12-20 20:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 13:30 - 2016-12-20 20:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 13:30 - 2016-12-20 20:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 13:30 - 2016-12-20 20:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 13:30 - 2016-12-20 20:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 13:30 - 2016-12-20 20:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 13:30 - 2016-12-20 20:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 13:30 - 2016-12-20 20:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 13:30 - 2016-12-20 20:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 13:30 - 2016-12-20 20:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 13:30 - 2016-12-20 20:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 13:30 - 2016-12-13 21:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 13:30 - 2016-12-13 21:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 13:30 - 2016-12-13 21:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 13:30 - 2016-12-13 21:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 13:30 - 2016-12-13 21:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 13:30 - 2016-12-13 21:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 13:30 - 2016-12-13 20:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 13:30 - 2016-12-13 20:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 13:30 - 2016-12-13 20:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 13:30 - 2016-12-13 20:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 13:30 - 2016-12-13 20:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 13:30 - 2016-12-13 20:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 13:30 - 2016-12-13 20:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 13:30 - 2016-12-13 20:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 13:30 - 2016-12-13 20:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 13:30 - 2016-12-13 20:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 13:30 - 2016-12-13 20:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 13:30 - 2016-12-13 20:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 13:30 - 2016-12-13 20:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 13:30 - 2016-12-13 20:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 13:30 - 2016-12-13 20:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 13:30 - 2016-11-02 04:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 13:30 - 2016-08-01 20:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 13:28 - 2016-12-21 00:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 13:28 - 2016-12-21 00:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 13:28 - 2016-12-20 23:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 13:28 - 2016-12-20 23:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 13:28 - 2016-12-20 23:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 13:28 - 2016-12-20 23:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 13:28 - 2016-12-20 23:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 13:28 - 2016-12-20 23:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 13:28 - 2016-12-20 23:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 13:28 - 2016-12-20 23:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 13:28 - 2016-12-20 23:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 13:28 - 2016-12-20 23:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 13:28 - 2016-12-20 23:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 13:28 - 2016-12-20 23:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 13:28 - 2016-12-20 23:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 13:28 - 2016-12-20 23:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 13:28 - 2016-12-20 23:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 13:28 - 2016-12-20 23:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 13:28 - 2016-12-20 23:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 13:28 - 2016-12-20 23:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 13:28 - 2016-12-20 23:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 13:28 - 2016-12-20 23:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 13:28 - 2016-12-20 23:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 13:28 - 2016-12-20 23:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 13:28 - 2016-12-20 23:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 13:28 - 2016-12-20 23:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 13:28 - 2016-12-20 23:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 13:28 - 2016-12-20 23:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 13:28 - 2016-12-20 23:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 13:28 - 2016-12-20 23:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 13:28 - 2016-12-20 23:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 13:28 - 2016-12-20 23:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 13:28 - 2016-12-20 23:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 13:28 - 2016-12-20 23:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 13:28 - 2016-12-20 23:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 13:28 - 2016-12-20 23:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 13:28 - 2016-12-20 22:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 13:28 - 2016-12-20 22:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 13:28 - 2016-12-20 22:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 13:28 - 2016-12-20 22:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 13:28 - 2016-12-20 22:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 13:28 - 2016-12-20 22:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 13:28 - 2016-12-20 22:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 13:28 - 2016-12-20 22:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 13:28 - 2016-12-20 22:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 13:28 - 2016-12-20 22:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 13:28 - 2016-12-20 22:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 13:28 - 2016-12-20 22:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 13:28 - 2016-12-20 22:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 13:28 - 2016-12-13 21:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 13:28 - 2016-12-13 21:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 13:28 - 2016-12-13 21:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 13:28 - 2016-12-13 21:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 13:28 - 2016-12-13 21:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 13:28 - 2016-12-13 20:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 13:28 - 2016-12-13 20:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 13:28 - 2016-12-13 20:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 13:28 - 2016-12-13 20:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 13:28 - 2016-12-13 20:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 13:28 - 2016-12-13 20:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 13:28 - 2016-12-13 20:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 13:28 - 2016-12-13 20:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 13:28 - 2016-12-13 20:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 13:28 - 2016-12-13 20:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 13:28 - 2016-12-13 20:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 13:28 - 2016-12-13 20:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 13:28 - 2016-12-13 20:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 13:28 - 2016-12-13 20:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 13:28 - 2016-12-13 20:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 13:28 - 2016-12-13 20:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 13:28 - 2016-12-13 20:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 13:28 - 2016-12-13 20:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 13:28 - 2016-12-13 20:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 13:28 - 2016-12-13 20:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 13:28 - 2016-12-13 20:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 13:27 - 2016-12-21 00:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 13:27 - 2016-12-20 23:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 13:27 - 2016-12-20 23:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 13:27 - 2016-12-20 23:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 13:27 - 2016-12-20 22:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 13:27 - 2016-12-20 22:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 13:27 - 2016-12-20 22:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 13:27 - 2016-12-20 22:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 13:27 - 2016-12-20 22:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 13:27 - 2016-12-20 22:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 13:27 - 2016-12-20 22:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 13:27 - 2016-12-13 21:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 13:27 - 2016-12-13 21:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 13:27 - 2016-12-13 21:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 13:27 - 2016-12-13 21:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 13:27 - 2016-12-13 21:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 13:27 - 2016-12-13 21:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 13:27 - 2016-12-13 21:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 13:27 - 2016-12-13 20:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 13:27 - 2016-12-13 20:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 13:27 - 2016-12-13 20:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 13:27 - 2016-12-13 20:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 13:27 - 2016-12-13 20:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 13:27 - 2016-12-13 20:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 13:27 - 2016-12-13 20:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 13:27 - 2016-12-13 20:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 13:27 - 2016-12-13 20:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 13:27 - 2016-12-13 20:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 13:27 - 2016-11-02 03:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 13:27 - 2016-11-02 02:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 13:27 - 2016-11-02 02:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 13:27 - 2016-11-02 02:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-09 10:40 - 2017-01-24 04:34 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-09 06:52 - 2017-01-09 06:52 - 00211617 _____ C:\Users\Janet's\Desktop\2016 taxes 1095-A.pdf
2017-01-09 06:51 - 2017-01-09 06:51 - 00211617 _____ C:\Users\Janet's\Downloads\1483798522984.pdf
2017-01-07 11:05 - 2017-01-07 11:05 - 00000000 ____D C:\Users\Janet's\Desktop\Cross stitch
2017-01-07 10:10 - 2017-01-07 11:01 - 00000000 ____D C:\Users\Janet's\Desktop\Danny
2017-01-06 16:03 - 2017-01-06 16:03 - 00000054 _____ C:\Users\Janet's\Desktop\Hemingway Editor.url
2017-01-06 12:31 - 2017-01-06 12:31 - 00000122 _____ C:\Users\Janet's\Downloads\04 - Face Down (Alliance Edition).m3u
2017-01-06 12:31 - 2017-01-06 12:31 - 00000122 _____ C:\Users\Janet's\Downloads\04 - Face Down (Alliance Edition) (1).m3u
2017-01-06 12:31 - 2017-01-06 12:31 - 00000122 _____ C:\Users\Janet's\Downloads\04 - Face Down (Album Version).m3u
2017-01-05 12:24 - 2017-01-05 12:24 - 02640510 _____ C:\Users\Janet's\Downloads\Phase1Unit3_sanitized.pdf
2017-01-04 15:31 - 2017-01-06 10:45 - 00012023 _____ C:\Users\Janet's\Desktop\Marlene Housing.xlsx
2017-01-04 15:30 - 2017-01-04 15:30 - 00010577 _____ C:\Users\Janet's\Downloads\Marlene Housing.xlsx
2017-01-03 14:12 - 2017-01-09 08:32 - 00000434 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2017-01-03 14:12 - 2017-01-05 14:42 - 00000000 ___RD C:\Users\Janet's\Documents\RocketLifeNetwork
2017-01-03 14:12 - 2017-01-03 14:12 - 00003514 _____ C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator
2017-01-03 14:12 - 2017-01-03 14:12 - 00000000 ____D C:\Users\Janet's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2017-01-03 14:10 - 2017-01-05 14:42 - 00000000 ____D C:\Users\Janet's\AppData\Roaming\HP Photo Creations
2017-01-03 14:10 - 2017-01-03 14:12 - 00000000 ____D C:\Users\Janet's\AppData\Roaming\Visan
2017-01-03 14:10 - 2017-01-03 14:10 - 00649088 _____ (HP) C:\Users\Janet's\Downloads\HPPhotoCreations-zf7909.exe
2017-01-03 14:10 - 2017-01-03 14:10 - 00000000 ____D C:\Users\Janet's\AppData\Local\RLPlatform
2017-01-03 12:51 - 2016-12-09 02:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-01-03 12:51 - 2016-12-09 02:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-01-03 12:51 - 2016-12-09 02:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-01-03 12:51 - 2016-12-09 02:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-01-03 12:51 - 2016-12-09 02:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-01-03 12:51 - 2016-12-09 02:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-01-03 12:51 - 2016-12-09 02:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-01-03 12:51 - 2016-12-09 01:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2017-01-03 12:51 - 2016-12-09 01:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-01-03 12:51 - 2016-12-09 01:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-01-03 12:51 - 2016-12-09 01:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-01-03 12:51 - 2016-12-09 01:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-01-03 12:51 - 2016-12-09 01:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-01-03 12:51 - 2016-12-09 01:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-01-03 12:51 - 2016-12-09 01:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-01-03 12:51 - 2016-12-09 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-01-03 12:51 - 2016-12-09 01:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2017-01-03 12:51 - 2016-12-09 01:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2017-01-03 12:50 - 2016-12-09 02:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-01-03 12:50 - 2016-12-09 02:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-01-03 12:50 - 2016-12-09 02:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-01-03 12:50 - 2016-12-09 02:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-01-03 12:50 - 2016-12-09 02:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-01-03 12:50 - 2016-12-09 02:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-01-03 12:50 - 2016-12-09 02:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-01-03 12:50 - 2016-12-09 02:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-03 12:50 - 2016-12-09 02:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-01-03 12:50 - 2016-12-09 02:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-01-03 12:50 - 2016-12-09 02:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-01-03 12:50 - 2016-12-09 02:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-01-03 12:50 - 2016-12-09 02:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-01-03 12:50 - 2016-12-09 02:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-01-03 12:50 - 2016-12-09 02:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-01-03 12:50 - 2016-12-09 02:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-01-03 12:50 - 2016-12-09 02:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-01-03 12:50 - 2016-12-09 02:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-01-03 12:50 - 2016-12-09 02:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-01-03 12:50 - 2016-12-09 02:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-01-03 12:50 - 2016-12-09 02:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-01-03 12:50 - 2016-12-09 02:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-01-03 12:50 - 2016-12-09 02:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-01-03 12:50 - 2016-12-09 02:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-01-03 12:50 - 2016-12-09 02:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-01-03 12:50 - 2016-12-09 01:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-01-03 12:50 - 2016-12-09 01:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-01-03 12:50 - 2016-12-09 01:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-01-03 12:50 - 2016-12-09 01:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-01-03 12:50 - 2016-12-09 01:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-01-03 12:50 - 2016-12-09 01:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-01-03 12:50 - 2016-12-09 01:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-01-03 12:50 - 2016-12-09 01:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2017-01-03 12:50 - 2016-12-09 01:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-01-03 12:50 - 2016-12-09 01:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2017-01-03 12:50 - 2016-12-09 01:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-01-03 12:50 - 2016-12-09 01:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-01-03 12:50 - 2016-12-09 01:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-01-03 12:50 - 2016-12-09 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-01-03 12:50 - 2016-12-09 01:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-01-03 12:50 - 2016-12-09 01:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-01-03 12:50 - 2016-12-09 01:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-01-03 12:50 - 2016-12-09 01:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-01-03 12:50 - 2016-12-09 01:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-01-03 12:50 - 2016-12-09 01:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-01-03 12:50 - 2016-12-09 01:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-01-03 12:50 - 2016-12-09 01:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-01-03 12:50 - 2016-12-09 01:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-03 12:50 - 2016-12-09 01:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-01-03 12:50 - 2016-12-09 01:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-01-03 12:50 - 2016-12-09 01:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-01-03 12:50 - 2016-12-09 01:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-01-03 12:50 - 2016-12-09 01:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-01-03 12:50 - 2016-12-09 01:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-01-03 12:50 - 2016-12-09 01:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-01-03 12:50 - 2016-12-09 01:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-01-03 12:50 - 2016-12-09 01:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2017-01-03 12:50 - 2016-12-09 01:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-03 12:50 - 2016-12-09 01:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2017-01-03 12:50 - 2016-12-09 01:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-01-03 12:50 - 2016-12-09 00:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-30 08:56 - 2016-12-30 08:56 - 00000200 _____ C:\Users\Janet's\Desktop\Winterfest Plush a Day! - WKN- Webkinz Newz.url
2016-12-30 07:48 - 2016-12-30 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-12-30 07:48 - 2016-12-30 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-12-30 07:47 - 2016-12-30 07:47 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-30 07:47 - 2016-12-30 07:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-30 07:47 - 2016-12-30 07:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-30 07:47 - 2016-12-30 07:47 - 00000000 ____D C:\Program Files\iTunes
2016-12-30 07:47 - 2016-12-30 07:47 - 00000000 ____D C:\Program Files\iPod
2016-12-29 15:01 - 2016-12-29 15:01 - 00065798 _____ C:\Users\Janet's\Downloads\How to Fix Common Errors in Android 6.0 _ Drippler - Apps%2c Games%2c News%2c Updates & Accessories.html
2016-12-29 14:55 - 2016-12-29 14:55 - 00000079 _____ C:\Users\Janet's\Desktop\Tower Chicken Farm - 35 Photos & 22 Reviews - Butcher - 4111 S 6th St, Wilson Park, Milwaukee, WI - Phone Number - Yelp.url
2016-12-29 08:32 - 2016-12-29 08:32 - 00007659 _____ C:\Users\Janet's\Desktop\Hawaiian Pineapple Sausage Baked Beans in the Crock Pot - Shortcut.lnk
2016-12-29 08:05 - 2016-12-29 08:05 - 00031744 _____ C:\Users\Janet's\Downloads\Q -- draft (1).doc
2016-12-29 07:24 - 2016-12-29 07:24 - 00031744 _____ C:\Users\Janet's\Downloads\Q -- draft.doc
2016-12-28 13:56 - 2016-12-28 13:56 - 00000000 ____D C:\Program Files (x86)\WugFresh Development
2016-12-28 13:52 - 2016-12-28 13:52 - 00000000 ____D C:\Users\Janet's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WugFresh Development
2016-12-28 13:48 - 2016-12-28 13:51 - 47009064 _____ (WugFresh Development) C:\Users\Janet's\Downloads\NRT_v2.1.9.sfx.exe
2016-12-28 13:00 - 2017-01-09 10:30 - 00000000 ____D C:\Users\Janet's\Desktop\Alan SafariBooking
2016-12-28 12:59 - 2016-12-28 12:59 - 00242817 _____ C:\Users\Janet's\Downloads\Brief for Janet Devlin.pdf
2016-12-28 12:59 - 2016-12-28 12:59 - 00048156 _____ C:\Users\Janet's\Downloads\SafariBookings style manual.docx
2016-12-28 12:47 - 2016-12-28 12:47 - 00291263 _____ C:\Users\Janet's\Downloads\Proofing_work_for_SafariBookings.zip
2016-12-28 12:23 - 2016-12-28 12:23 - 00017728 _____ C:\Users\Janet's\Downloads\Write Your Book on the Side (3).docx
2016-12-28 12:22 - 2016-12-28 12:22 - 00017728 _____ C:\Users\Janet's\Downloads\Write Your Book on the Side (2).docx
2016-12-28 11:22 - 2016-12-28 11:22 - 00017728 _____ C:\Users\Janet's\Downloads\Write Your Book on the Side (1).docx
2016-12-28 11:20 - 2016-12-28 11:20 - 00017728 _____ C:\Users\Janet's\Downloads\Write Your Book on the Side.docx
2016-12-28 10:52 - 2017-01-19 16:18 - 00000000 ____D C:\Users\Janet's\Rerware
2016-12-28 10:52 - 2016-12-29 08:35 - 00000000 ____D C:\Users\Janet's\Desktop\MyBackupPC
2016-12-28 10:46 - 2016-12-28 10:46 - 00000000 ____D C:\Program Files (x86)\Rerware
2016-12-28 10:42 - 2016-12-28 10:46 - 26806602 _____ C:\Users\Janet's\Downloads\MyBackupPC_Installer.exe
2016-12-28 10:36 - 2016-12-28 10:37 - 08537732 _____ C:\Users\Janet's\Downloads\MyBackup (4).apk
2016-12-28 10:34 - 2016-12-28 10:34 - 08537732 _____ C:\Users\Janet's\Downloads\MyBackup (3).apk
2016-12-28 10:33 - 2016-12-28 10:33 - 08537732 _____ C:\Users\Janet's\Downloads\MyBackup (2).apk.42b3tqs.partial
2016-12-28 10:32 - 2016-12-28 10:33 - 08537732 _____ C:\Users\Janet's\Downloads\MyBackup (2).apk
2016-12-28 10:32 - 2016-12-28 10:32 - 08537732 _____ C:\Users\Janet's\Downloads\MyBackup (1).apk
2016-12-28 10:30 - 2016-12-28 10:31 - 08537732 _____ C:\Users\Janet's\Downloads\MyBackup.apk
2016-12-28 09:35 - 2016-12-28 09:35 - 02662800 _____ (Google) C:\Users\Janet's\Downloads\gpautobackup_setup.exe
2016-12-28 09:35 - 2016-12-28 09:35 - 00000000 ____D C:\Users\Janet's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-24 11:12 - 2016-04-14 16:55 - 01307136 ___SH C:\Users\Janet's\Downloads\Thumbs.db
2017-01-24 11:12 - 2016-01-29 15:00 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-01-24 11:07 - 2014-12-31 16:04 - 00000000 ____D C:\Users\Janet's\AppData\Local\VirtualStore
2017-01-24 10:36 - 2016-10-03 17:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-24 08:14 - 2016-11-22 00:02 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-24 08:02 - 2016-01-05 14:19 - 00000000 ____D C:\Users\Janet's\Desktop\FaceBook
2017-01-24 07:52 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-24 04:37 - 2015-01-31 09:32 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-24 04:36 - 2016-10-03 17:56 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-01-24 04:36 - 2016-10-03 17:56 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-01-24 04:36 - 2016-07-16 03:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-24 00:33 - 2015-01-31 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-24 00:33 - 2015-01-31 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-23 08:27 - 2016-08-27 10:42 - 00002477 _____ C:\Users\Janet's\Desktop\Hello - Shortcut.lnk
2017-01-23 08:27 - 2015-01-03 17:49 - 00002417 _____ C:\Users\Janet's\Desktop\Outlook 2013.lnk
2017-01-23 08:27 - 2015-01-02 15:55 - 00002461 _____ C:\Users\Janet's\Desktop\Word 2013.lnk
2017-01-23 08:19 - 2016-03-06 07:50 - 00000000 ____D C:\Users\Janet's\AppData\Local\Packages
2017-01-23 07:45 - 2016-10-03 17:34 - 01249316 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-23 07:44 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-23 07:10 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 16:29 - 2015-11-09 14:15 - 00000000 ____D C:\Users\Janet's\Desktop\Cover Letters
2017-01-22 15:12 - 2015-12-04 10:51 - 00000000 ____D C:\Users\Janet's\Desktop\UpWork
2017-01-22 09:45 - 2016-04-12 10:57 - 02507776 ___SH C:\Users\Janet's\Desktop\Thumbs.db
2017-01-22 08:36 - 2015-01-02 17:14 - 00271360 _____ C:\Users\Janet's\Documents\Cooncatz@wi.rr.com - NEW MAIL ACCT.pst
2017-01-22 08:36 - 2015-01-02 13:35 - 00000000 ____D C:\Users\Janet's\Documents\Outlook Files
2017-01-22 08:36 - 2015-01-02 11:52 - 00525312 _____ C:\Users\Janet's\Documents\Outlook.pst
2017-01-21 14:00 - 2015-04-17 06:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-21 14:00 - 2015-04-17 06:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 23:13 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-20 11:54 - 2016-05-19 06:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-20 11:54 - 2016-05-19 06:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-20 11:54 - 2016-05-19 06:44 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-20 11:54 - 2015-02-13 05:51 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-19 16:20 - 2015-01-31 09:39 - 00000000 __RSD C:\Users\Janet's\Documents\McAfee Vaults
2017-01-19 16:20 - 2015-01-02 05:48 - 00000000 ___RD C:\Users\Janet's\OneDrive
2017-01-19 16:17 - 2016-10-03 17:31 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-19 16:17 - 2015-01-02 05:19 - 00000000 __SHD C:\Users\Janet's\IntelGraphicsProfiles
2017-01-19 16:13 - 2016-10-03 17:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-19 16:12 - 2016-07-15 22:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-19 16:11 - 2014-12-31 16:05 - 00000000 ____D C:\Users\Janet's\AppData\Local\ElevatedDiagnostics
2017-01-19 15:40 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-19 07:59 - 2016-12-13 07:58 - 00003282 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 07:59 - 2016-03-06 07:54 - 00002416 _____ C:\Users\Janet's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-18 17:27 - 2015-01-04 10:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-18 13:50 - 2015-01-03 19:50 - 00002687 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2017-01-18 13:50 - 2015-01-03 19:50 - 00002687 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2017-01-18 13:48 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-18 13:48 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-18 13:47 - 2015-01-03 17:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-18 13:41 - 2016-03-06 07:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-18 13:40 - 2016-07-15 22:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-01-18 13:38 - 2016-11-18 12:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-18 13:38 - 2016-10-03 17:28 - 00240088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-18 13:38 - 2015-01-14 10:10 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-18 13:38 - 2015-01-02 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-18 13:37 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\Cursors
2017-01-18 13:36 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-18 13:36 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-18 13:36 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-18 13:36 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-18 13:36 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-18 10:10 - 2015-12-04 10:48 - 00000000 ____D C:\Users\Janet's\Desktop\PLANTS
2017-01-18 10:08 - 2016-12-06 16:29 - 00000000 ____D C:\Users\Janet's\Desktop\Alpin
2017-01-13 11:56 - 2016-01-04 09:41 - 00000000 ____D C:\Users\Janet's\AppData\Local\Package Cache
2017-01-13 08:48 - 2016-11-18 12:55 - 00000000 ____D C:\Users\Janet's\AppData\LocalLow\Mozilla
2017-01-12 15:04 - 2015-01-01 14:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-12 14:59 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-12 14:59 - 2015-01-01 14:05 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-11 16:21 - 2016-11-29 16:27 - 00000000 ____D C:\Users\Janet's\Desktop\NMD
2017-01-11 13:17 - 2016-10-03 17:56 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 12:47 - 2016-02-25 12:25 - 00000000 ____D C:\Users\Janet's\Desktop\Tips
2017-01-11 00:06 - 2014-08-18 17:05 - 00000000 ____D C:\ProgramData\McAfee
2017-01-11 00:06 - 2014-08-18 17:05 - 00000000 ____D C:\ProgramData\McAfee
2017-01-10 00:50 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-10 00:50 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-09 08:30 - 2016-10-03 17:35 - 00000000 ____D C:\Users\Janet's
2017-01-07 11:06 - 2016-05-07 08:11 - 00000000 ____D C:\Users\Janet's\Desktop\Shopping
2017-01-07 11:02 - 2016-05-23 11:21 - 00000000 ____D C:\Users\Janet's\Desktop\HB news
2017-01-07 10:40 - 2016-09-16 13:10 - 00000000 ____D C:\Users\Janet's\Desktop\Advice from editors
2017-01-07 10:39 - 2015-12-28 10:29 - 00000000 ____D C:\Users\Janet's\Desktop\Proofing Editing
2017-01-07 10:36 - 2015-11-23 14:00 - 00000000 ____D C:\Users\Janet's\Desktop\Grammar and Formatting
2017-01-07 10:16 - 2016-04-06 12:15 - 00000000 ____D C:\Users\Janet's\Desktop\Learning
2017-01-07 10:15 - 2015-12-17 13:11 - 00000000 ____D C:\Users\Janet's\Desktop\Writing
2017-01-07 10:13 - 2016-04-06 12:45 - 00000000 ____D C:\Users\Janet's\Desktop\STYLES
2017-01-07 10:09 - 2015-01-22 16:13 - 00000000 ____D C:\Users\Janet's\Documents\Recipes
2017-01-05 14:43 - 2015-03-20 02:14 - 00000000 ____D C:\Users\Janet's\Desktop\PC Apps
2017-01-04 14:36 - 2007-07-20 21:36 - 00000000 ____D C:\Users\Janet's\Desktop\_EXCEL DOCS
2017-01-04 08:41 - 2015-01-03 12:53 - 00000000 ____D C:\Users\Janet's\AppData\Local\CrashDumps
2017-01-03 14:09 - 2015-01-02 21:07 - 00000000 ____D C:\Users\Janet's\AppData\Local\HP
2017-01-03 12:09 - 2016-06-09 07:05 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3941794247-3169808309-3500582986-1000.job
2017-01-03 12:09 - 2016-06-09 07:05 - 00000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3941794247-3169808309-3500582986-1000.job
2017-01-03 12:09 - 2015-09-16 09:48 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3941794247-3169808309-3500582986-1000UA.job
2017-01-03 12:09 - 2015-09-16 09:48 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3941794247-3169808309-3500582986-1000Core.job
2017-01-03 12:07 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-03 12:07 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-01-03 12:07 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-03 12:07 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-01-03 12:06 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-01-03 12:06 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\servicing
2017-01-03 01:38 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-30 07:47 - 2016-07-15 22:04 - 00000000 ___RD C:\Program Files
2016-12-30 07:47 - 2015-01-02 19:00 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-29 14:22 - 2016-09-16 13:06 - 00000000 ____D C:\Users\Janet's\Desktop\good things
2016-12-28 13:56 - 2016-07-15 22:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-28 13:26 - 2016-03-21 13:13 - 00000000 ____D C:\Users\Janet's\Desktop\Edit Samples
2016-12-28 09:35 - 2015-01-25 11:51 - 00000000 ____D C:\Users\Janet's\AppData\Local\Google
2016-12-26 06:56 - 2015-10-21 09:31 - 00000000 ____D C:\Users\Janet's\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2015-09-05 07:56 - 2015-12-04 14:49 - 0038431 _____ () C:\Users\Janet's\AppData\Roaming\Comma Separated Values.ADR
2015-04-11 08:40 - 2015-04-11 08:40 - 0007619 _____ () C:\Users\Janet's\AppData\Local\Resmon.ResmonCfg
2015-11-27 08:59 - 2015-11-27 08:59 - 0000003 _____ () C:\Users\Janet's\AppData\Local\updater.log
2015-11-27 08:59 - 2015-11-27 08:59 - 0000424 _____ () C:\Users\Janet's\AppData\Local\UserProducts.xml
2015-01-02 21:08 - 2015-01-02 21:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-03 17:31 - 2016-10-03 17:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2016-12-20 12:01 - 2016-11-11 02:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Janet's\AppData\Local\Temp\dllnt_dump.dll
2017-01-17 21:49 - 2017-01-17 21:49 - 0739904 _____ (Oracle Corporation) C:\Users\Janet's\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-11-29 14:21 - 2016-11-29 14:22 - 43886552 _____ (Skype Technologies S.A.) C:\Users\Janet's\AppData\Local\Temp\SkypeSetup.exe
2016-12-28 10:52 - 2016-12-28 10:52 - 0515584 _____ () C:\Users\Janet's\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-20 23:10
 
==================== End of FRST.txt ============================

#2 nasdaq

nasdaq

  • Malware Response Team

Posted 25 January 2017 - 10:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is no longer supported and not ready for your operating system.
I suggest you remove these 2 versions via the Control Panel > Programs > Programs and Features.
Use the Farbar tool from now on to report problems.

(Trend Micro Inc.) C:\Users\Janet's\Downloads\HijackThis.exe
(Trend Micro Inc.) C:\Users\Janet's\Downloads\HijackThis (1).exe

===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [Google Update] => C:\Users\Janet's\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\artur.dubovoy@gmail.com [2017-01-11]
CHR Extension: (Honey) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-01-24]
CHR Extension: (Coupons at Checkout) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2017-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
U3 mfeaack01; no ImagePath
U3 mfeavfk01; no ImagePath
U3 mfehidk01; no ImagePath
U3 idsvc; no ImagePath

HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1EEE45C4-9468-D082-92D5-9FEF85889A47} => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {58975BD1-9468-D082-87CB-E6A985889A47} => No File
Task: {312C960D-5469-4BCD-A703-AF98AA704CF7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {42EBB0BE-9F82-41D0-BB1C-F40629AE2938} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {49F0EE18-F34A-479E-8793-73A6831036B8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {71524618-39D1-492B-8231-4681546116F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {71FB8588-E1A3-4887-96C9-87A30B01DA4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {75E54B0E-6631-40D4-B2CF-8288B02168EA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {86984F42-4065-4E6C-AFD9-2B383347CFE6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9132AB2F-A4B1-4275-9F97-0C0B2DD9F2A1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {940C8366-562D-49CC-923C-D2E2AF24F120} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9DF8AD21-270D-4540-BABB-B5D5B4F0333A} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {A6376CD2-E923-4FB6-959B-D1423A55C159} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA390088-FBFD-46A5-B4FB-21BD2785D994} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DE3C1AF5-2815-4778-8DB2-D98794BE1183} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E6752451-46F8-4E03-9574-A5C160CF59D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F4D364E3-E513-43A6-880F-0BE9DF9B908B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C46995DA [136]
AlternateDataStreams: C:\ProgramData\TEMP:C46995DA [136]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

When all is later I suggest you update these 3rd party programs.

ADOBE SHOCKWAVE

Navigate to this page and follow the instructions and get the latest version.
https://www.adobe.com/shockwave/welcome/

=====

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the updates remove the old version(s) via the Control Panel > Programs > Programs and Features.

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
===

Please let me know what problem persists with this computer.

p.s.
Is it possible that your Word template is corrupted?

Refer to this article.
http://smallbusiness.chron.com/restore-ms-office-normal-template-63456.html

If you delete the current normal.dotm a new one will be created.

You can rename it as suggested in the article.
Read the complete article before proceeding.

#3 Cooncatz

Cooncatz
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 25 January 2017 - 11:56 AM

Hello nasdaq, and thanks for helping me!

 

I could not find HijackThis under programs. Was shocked to find it running and could only delete to bin. Could find no way to uninstall.

AHA! on java update, that was the first message I got upon restart. 

 

After running FRST and restarting, my Outlook mail won't launch and I still have typing errors (multiple letters). Had to launch Chrome twice to get any internet.

 

Here is log: (I will follow next steps too.)

---------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017
Ran by Janet's (25-01-2017 08:24:25) Run:1
Running from C:\Users\Janet's\Downloads
Loaded Profiles: Janet's (Available Profiles: Janet's & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\Run: [Google Update] => C:\Users\Janet's\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\artur.dubovoy@gmail.com [2017-01-11]
CHR Extension: (Honey) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-01-24]
CHR Extension: (Coupons at Checkout) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2017-01-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
U3 mfeaack01; no ImagePath
U3 mfeavfk01; no ImagePath
U3 mfehidk01; no ImagePath
U3 idsvc; no ImagePath
 
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1EEE45C4-9468-D082-92D5-9FEF85889A47} => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Janet's\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {58975BD1-9468-D082-87CB-E6A985889A47} => No File
Task: {312C960D-5469-4BCD-A703-AF98AA704CF7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {42EBB0BE-9F82-41D0-BB1C-F40629AE2938} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {49F0EE18-F34A-479E-8793-73A6831036B8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {71524618-39D1-492B-8231-4681546116F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {71FB8588-E1A3-4887-96C9-87A30B01DA4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {75E54B0E-6631-40D4-B2CF-8288B02168EA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {86984F42-4065-4E6C-AFD9-2B383347CFE6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9132AB2F-A4B1-4275-9F97-0C0B2DD9F2A1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {940C8366-562D-49CC-923C-D2E2AF24F120} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9DF8AD21-270D-4540-BABB-B5D5B4F0333A} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {A6376CD2-E923-4FB6-959B-D1423A55C159} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA390088-FBFD-46A5-B4FB-21BD2785D994} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DE3C1AF5-2815-4778-8DB2-D98794BE1183} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E6752451-46F8-4E03-9574-A5C160CF59D0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F4D364E3-E513-43A6-880F-0BE9DF9B908B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C46995DA [136]
AlternateDataStreams: C:\ProgramData\TEMP:C46995DA [136]
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
C:\Users\Janet's\AppData\Roaming\Mozilla\Firefox\Profiles\t6axdzv0.default-1448906551903\Extensions\artur.dubovoy@gmail.com => moved successfully
C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj => moved successfully
C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb => moved successfully
C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\mfeaack01 => key removed successfully
mfeaack01 => service removed successfully
HKLM\System\CurrentControlSet\Services\mfeavfk01 => key removed successfully
mfeavfk01 => service removed successfully
HKLM\System\CurrentControlSet\Services\mfehidk01 => key removed successfully
mfehidk01 => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\ChromeHTML => key removed successfully
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B} => key removed successfully
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKU\S-1-5-21-3941794247-3169808309-3500582986-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{312C960D-5469-4BCD-A703-AF98AA704CF7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{312C960D-5469-4BCD-A703-AF98AA704CF7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42EBB0BE-9F82-41D0-BB1C-F40629AE2938} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42EBB0BE-9F82-41D0-BB1C-F40629AE2938} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49F0EE18-F34A-479E-8793-73A6831036B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49F0EE18-F34A-479E-8793-73A6831036B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71524618-39D1-492B-8231-4681546116F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71524618-39D1-492B-8231-4681546116F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71FB8588-E1A3-4887-96C9-87A30B01DA4D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71FB8588-E1A3-4887-96C9-87A30B01DA4D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75E54B0E-6631-40D4-B2CF-8288B02168EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75E54B0E-6631-40D4-B2CF-8288B02168EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86984F42-4065-4E6C-AFD9-2B383347CFE6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86984F42-4065-4E6C-AFD9-2B383347CFE6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9132AB2F-A4B1-4275-9F97-0C0B2DD9F2A1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9132AB2F-A4B1-4275-9F97-0C0B2DD9F2A1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{940C8366-562D-49CC-923C-D2E2AF24F120} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{940C8366-562D-49CC-923C-D2E2AF24F120} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DF8AD21-270D-4540-BABB-B5D5B4F0333A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF8AD21-270D-4540-BABB-B5D5B4F0333A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6376CD2-E923-4FB6-959B-D1423A55C159} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6376CD2-E923-4FB6-959B-D1423A55C159} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA390088-FBFD-46A5-B4FB-21BD2785D994} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA390088-FBFD-46A5-B4FB-21BD2785D994} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE3C1AF5-2815-4778-8DB2-D98794BE1183} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE3C1AF5-2815-4778-8DB2-D98794BE1183} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6752451-46F8-4E03-9574-A5C160CF59D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6752451-46F8-4E03-9574-A5C160CF59D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4D364E3-E513-43A6-880F-0BE9DF9B908B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4D364E3-E513-43A6-880F-0BE9DF9B908B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
C:\ProgramData\TEMP => ":C46995DA" ADS removed successfully.
"C:\ProgramData\TEMP" => ":C46995DA" ADS not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 102264010 B
Java, Flash, Steam htmlcache => 900 B
Windows/system/drivers => 38046651 B
Edge => 3079451 B
Chrome => 853537470 B
Firefox => 406757792 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7633920 B
NetworkService => 0 B
Janet's => 706609592 B
Guest => 0 B
DefaultAppPool => 0 B
 
RecycleBin => 12105146806 B
EmptyTemp: => 13.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:32:18 ====
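
When reviewing a Fixlog like the one above, the entries that did not apply are the ones worth a second look. The following is an added example, not part of the original post and not FRST's own code: it skips the echoed fixlist, stops at the EmptyTemp section, and classifies each result line. The function names are hypothetical and the sample is a constructed excerpt built from lines in the log above.

```python
import re
from collections import Counter

# Constructed sample: a short excerpt assembled from lines of the Fixlog above.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
U3 idsvc; no ImagePath
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj => moved successfully
mfeaack01 => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
C:\ProgramData\TEMP => ":C46995DA" ADS removed successfully.
"C:\ProgramData\TEMP" => ":C46995DA" ADS not found.

=========== EmptyTemp: ==========

Chrome => 853537470 B
'''

# "<target> => <result>": split on the first " => " in the line.
RESULT_LINE = re.compile(r'^(?P<target>.+?) => (?P<result>.+)$')


def classify(result):
    """Map a result string to ok / not_found / review.

    Only the outcome phrases visible in the log above are recognised;
    anything else is returned as "review" so that it is never silently
    counted as a success.
    """
    text = result.lower()
    if "not found" in text:
        return "not_found"
    if "removed successfully" in text or "moved successfully" in text:
        return "ok"
    return "review"


def parse_fixlog(text):
    """Return one dict per fix result line, ignoring the echoed fixlist."""
    entries = []
    in_fixlist_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        # The fixlist echo sits between two lines made only of asterisks.
        if len(line) >= 5 and set(line) == {"*"}:
            in_fixlist_echo = not in_fixlist_echo
            continue
        if in_fixlist_echo:
            continue
        # Everything after this banner is cache sizes, not fix results.
        if line.startswith("=") and "EmptyTemp" in line:
            break
        m = RESULT_LINE.match(line)
        if m:
            entries.append({
                "target": m["target"].strip('"'),
                "result": m["result"],
                "status": classify(m["result"]),
            })
    return entries


def summarize(entries):
    """Return (status counts, entries that were not a clean success)."""
    counts = Counter(e["status"] for e in entries)
    attention = [e for e in entries if e["status"] != "ok"]
    return counts, attention


if __name__ == "__main__":
    counts, attention = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(dict(counts))
    for e in attention:
        print(e["status"], "|", e["target"], "|", e["result"])
```

On this excerpt the two "not found" results are the CCleanerSkipUAC tree key and the second ADS line; the fixlist lists the same alternate data stream twice, so the second removal has nothing left to remove.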


#4 Cooncatz

Posted 25 January 2017 - 12:09 PM

PS - I just ran the AdAware and on my desktop, I have a folder where I keep my virus cleaner apps. I have Malwarebytes in there, etc. Well, I think it flagged it and I'm a little mystified.

 

I decided to keep the app cleaner folder and deleted the 2 weird Skechers entries. 

----------------

# AdwCleaner v6.042 - Logfile created 25/01/2017 at 09:58:09
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-25.2 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : Janet's - JANETS-PC
# Running from : C:\Users\Janet's\Downloads\adwcleaner_6.042 (2).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[!] Folder not deleted: C:\Users\Janet's\Desktop\PC Cleaners
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/itm/Nice-Skechers-Tone-Ups-Womans-Sandals-Dark-Brown-W-TMulti-Color-Strap-Size-6-/231874481672?hash=item35fccbce08:g:mJMAAOSwxp9W4x2f
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/itm/Nice-Skechers-Tone-Ups-Womans-Sandals-Dark-Brown-W-TMulti-Color-Strap-Size-6-/231874481672?hash=item35fccbce08:g:mJMAAOSwxp9W4x2f
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [6934 Bytes] - [29/01/2016 16:13:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [1351 Bytes] - [25/01/2017 09:58:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [6439 Bytes] - [29/01/2016 15:32:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [1713 Bytes] - [25/01/2017 09:00:18]
C:\AdwCleaner\AdwCleaner[S3].txt - [1789 Bytes] - [25/01/2017 09:57:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1643 Bytes] ##########

Edited by Cooncatz, 25 January 2017 - 01:03 PM.


#5 Cooncatz

Posted 25 January 2017 - 12:11 PM

PSS - I have no idea if my template is corrupted in Word. Ugh. Will read article. This stuff scares me. 



#6 Cooncatz

Posted 25 January 2017 - 12:19 PM

Me again! I'm to update JAVA, but am I also supposed to disable it?



#7 Cooncatz

Posted 25 January 2017 - 12:25 PM

JRT.exe is unable to run on my PC. Any ideas? CORRECTION- when DL'ed from MalwareBytes it worked. 


Edited by Cooncatz, 25 January 2017 - 01:05 PM.


#8 Cooncatz

Posted 25 January 2017 - 12:53 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Janet's (Administrator) on Wed 01/25/2017 at 10:16:02.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Janet's\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_20B52F62C31CBE7EB2A4792C20CAF95F (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/25/2017 at 10:19:00.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by Cooncatz, 25 January 2017 - 01:20 PM.


#9 Cooncatz

Posted 25 January 2017 - 02:27 PM

DONE!  I was in the right spot. Deleted and we will see. 


Edited by Cooncatz, 25 January 2017 - 02:45 PM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:23 AM

Posted 26 January 2017 - 09:06 AM

You can disable Java. If a program needs it to run you will be informed.
You will then have to enable it. Make sure you have the latest version.
 

"DONE! I was in the right spot. Deleted and we will see."

Are you talking about the Word Template?

#11 Cooncatz

Posted 26 January 2017 - 10:29 AM

Yes, the Word template. I had no idea it was that simple. 

 

Still having problems with loading pages on the web. My school page right now is blank. I can't watch videos because of constant buffering. Is there something else going on?

 

Thanks!



#12 Cooncatz

Posted 26 January 2017 - 10:53 AM

And the typing issues are back. :(



#13 nasdaq

Posted 26 January 2017 - 11:43 AM

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#14 Cooncatz

Posted 26 January 2017 - 11:46 AM

When trying to DL: This site can’t be loaded from the cache

#15 Cooncatz

Posted 26 January 2017 - 11:54 AM

I found a DL online: http://download.bleepingcomputer.com/smeenk/  - is this the same version?





