
Windows Updates not cooperating, secure browsing sometimes not possible



#1 Montana Mad Dog


Posted 09 February 2017 - 04:49 PM

Hello,

 

While doing a routine tune-up of this computer, I noticed the Windows Updates are not occurring.  Details to follow...

 

Also, browsing to secure sites (mostly governmental) such as irs.gov and ssa.gov is not possible on Firefox or Chrome.  Other sites, such as this one, are possible on Chrome, but not Firefox.

 

I'd like to figure out what is causing these problems and I suspect some sort of malware, since I found and eliminated some threats using MBAM, AdwCleaner and JRT.  I've not run any other tools, just a few clean-up utilities.  I did run "sfc /scannow", which found errors but could not fix them.

 

Details on the Windows Updates problem:

 

Initially, the system settings were "never check" for updates, which was a rather obvious sign that something nefarious was going on.  Compounded by the fact that the drop-down box for changing the settings was greyed-out and disallowed.  "Some settings are managed by your system administrator."  Hmmmmmm....I thought I was that guy.

 

CCleaner, MBAM, JRT and AdwCleaner had some success: threats were removed and then it became possible to check for Windows Updates, but I am still not able to change settings.

 

Anyway, that's the details, thanks in advance for any help.

 

Here's my FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2017
Ran by Harold (administrator) on HBSRV1 (03-02-2017 14:10:35)
Running from C:\Users\Harold\Downloads
Loaded Profiles: Harold (Available Profiles: Harold)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2011\QBHelp.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)
HKLM\...\Run: [Display] => C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2006-10-03] (Autodesk)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2015-03-27]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2015-03-27]
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2017-02-01]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk [2016-07-23]
ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-23]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-07-23]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8610.lnk [2017-02-01]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8610.lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-04-08]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55375;https=127.0.0.1:55375
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:55375;https=127.0.0.1:55375
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FA7AB9DF-C605-4284-97DB-AABCFF07552F}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001 -> DefaultScope {068F5D8B-FD30-4224-9210-2B8D87E67F23} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001 -> {068F5D8B-FD30-4224-9210-2B8D87E67F23} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-01] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20161104110045.dll [2016-11-04] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-01] (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll [2008-02-27] (TODO: <Company name>)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2014-02-03] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: inui6g5v.default
FF ProfilePath: C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\inui6g5v.default [2017-02-03]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\inui6g5v.default -> Yahoo
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\inui6g5v.default -> Google Default
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\inui6g5v.default -> Yahoo
FF Homepage: Mozilla\Firefox\Profiles\inui6g5v.default -> google.com
FF SearchPlugin: C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\inui6g5v.default\searchplugins\google-default.xml [2017-02-01]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files\Common Files\McAfee\SystemCore [2017-02-02] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-02-01] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default [2017-02-03]
CHR Extension: (Google Slides) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-02]
CHR Extension: (Google Docs) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-02]
CHR Extension: (Google Drive) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-02]
CHR Extension: (YouTube) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-02]
CHR Extension: (Google Sheets) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-02]
CHR Extension: (Google Docs Offline) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
CHR Extension: (Gmail) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-03-27] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [220784 2016-11-04] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [208936 2015-08-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [242408 2016-11-04] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1251840 2010-09-17] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59976 2017-01-20] ()
R3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows ® Codename Longhorn DDK provider)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [152512 2017-02-01] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [94656 2017-02-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-02-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219584 2017-02-01] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [63264 2017-02-03] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [315576 2016-11-04] (McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [59584 2016-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [269872 2016-11-04] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [79992 2016-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [380504 2016-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [658528 2016-11-04] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [61736 2016-11-04] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100632 2016-11-04] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [223520 2016-11-04] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-03 14:10 - 2017-02-03 14:12 - 00017562 _____ C:\Users\Harold\Downloads\FRST.txt
2017-02-03 14:10 - 2017-02-03 14:10 - 00000000 ____D C:\FRST
2017-02-03 14:08 - 2017-02-03 14:08 - 00050477 _____ C:\Users\Harold\Downloads\Defogger.exe
2017-02-03 14:08 - 2017-02-03 14:08 - 00000000 _____ C:\Users\Harold\defogger_reenable
2017-02-03 14:04 - 2017-02-03 14:04 - 01763328 _____ (Farbar) C:\Users\Harold\Downloads\FRST (1).exe
2017-02-03 14:02 - 2017-02-03 14:03 - 01763328 _____ (Farbar) C:\Users\Harold\Downloads\FRST.exe
2017-02-02 13:59 - 2017-02-02 13:59 - 00000260 _____ C:\Users\Harold\Desktop\How to fix This site can’t be reached error in Gooogle Chrome - Troubleshooter.URL
2017-02-02 13:59 - 2017-02-02 13:59 - 00000248 _____ C:\Users\Harold\Desktop\the site can't be reached - Google Product Forums.URL
2017-02-02 13:53 - 2015-08-05 10:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-02-02 13:53 - 2015-08-05 09:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-02-02 13:52 - 2015-12-16 11:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-02-02 13:52 - 2015-12-16 11:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-02-02 13:52 - 2015-12-16 11:43 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-02-02 13:51 - 2017-02-02 13:51 - 00004695 _____ C:\Users\Harold\Downloads\backupsettings.conf
2017-02-02 13:12 - 2017-02-02 13:19 - 00000000 ____D C:\Users\Harold\AppData\Local\Google
2017-02-02 13:08 - 2017-02-02 13:08 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 13:08 - 2017-02-02 13:08 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-02 13:06 - 2017-02-02 13:07 - 00000000 ____D C:\Program Files\Google
2017-02-02 13:04 - 2017-02-02 13:04 - 00422480 _____ (Secure By Design Inc.) C:\Users\Harold\Downloads\Ninite Chrome Installer.exe
2017-02-02 11:24 - 2016-10-26 16:29 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-02 10:53 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-02 09:46 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-02-02 09:46 - 2016-04-14 06:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-02-02 09:46 - 2016-02-03 10:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2017-02-02 09:45 - 2016-04-08 21:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-02-02 09:45 - 2016-03-16 11:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2017-02-02 09:45 - 2016-03-16 11:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-02-02 09:45 - 2016-02-09 02:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2017-02-02 09:45 - 2016-02-04 11:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2017-02-02 09:45 - 2016-02-02 11:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-02-02 09:45 - 2015-11-11 11:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-02-02 09:45 - 2015-11-11 11:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-02-02 09:45 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2017-02-02 09:45 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-02-02 09:44 - 2016-03-17 15:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-02-02 09:44 - 2016-03-17 15:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-02-02 09:44 - 2016-03-17 15:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-02-02 09:44 - 2016-03-17 15:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 14:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-02-02 09:44 - 2016-03-17 14:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 14:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 14:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-02-02 09:44 - 2016-03-17 14:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-02-02 09:44 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-02-02 09:44 - 2015-12-20 11:45 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-02-02 09:44 - 2015-12-20 11:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-02-02 09:44 - 2015-12-20 09:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-02-02 09:44 - 2015-08-27 10:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-02-02 09:44 - 2015-08-27 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2017-02-02 09:43 - 2016-06-25 12:53 - 00779776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-02-02 09:43 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-02-02 09:43 - 2016-06-25 12:53 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-02-02 09:43 - 2016-06-25 12:42 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-02-02 09:43 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-02-02 09:43 - 2016-06-25 12:41 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-02-02 09:43 - 2016-05-12 08:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-02-02 09:43 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2017-02-02 09:43 - 2016-05-12 08:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-02-02 09:43 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-02-02 09:43 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-02-02 09:43 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2017-02-02 09:43 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-02-02 09:43 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2017-02-02 09:43 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2017-02-02 09:43 - 2015-12-11 11:35 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-02 09:43 - 2015-11-16 13:12 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-02 09:43 - 2015-08-05 10:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-02-02 09:41 - 2015-10-29 10:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2017-02-02 09:41 - 2015-10-29 10:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-02-02 09:41 - 2015-10-29 10:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2017-02-02 09:41 - 2015-10-29 10:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2017-02-02 09:41 - 2015-07-15 10:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2017-02-02 09:36 - 2016-03-09 11:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-02-02 09:36 - 2015-10-13 09:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-02-02 09:36 - 2015-10-13 09:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-02-02 09:36 - 2015-10-12 21:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-02-02 09:35 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-02-02 09:35 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-02-02 09:35 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-02-02 09:35 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-02-02 09:35 - 2016-03-15 16:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-02-02 09:35 - 2016-03-15 16:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-02-02 09:35 - 2015-11-03 11:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2017-02-02 09:34 - 2015-07-22 10:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-02-02 09:33 - 2016-07-07 08:20 - 01309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-02-02 09:33 - 2016-07-07 08:20 - 00240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-02-02 09:33 - 2016-07-07 08:20 - 00187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-02-02 09:33 - 2016-07-07 07:57 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-02-02 09:33 - 2016-01-20 17:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-02-02 09:33 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-02-02 09:33 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-02-02 09:33 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-02-02 09:33 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-02-02 09:33 - 2015-07-16 08:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-02-02 09:33 - 2015-07-09 10:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-02-02 09:33 - 2015-07-09 10:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2017-02-02 09:32 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-02-02 09:32 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2017-02-02 09:31 - 2016-08-12 09:21 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-02-02 09:31 - 2016-08-12 09:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-02-02 09:31 - 2016-08-12 09:21 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-02-02 09:31 - 2015-12-08 14:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-02-02 09:30 - 2016-11-12 11:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-02-02 09:30 - 2016-11-12 11:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-02 09:30 - 2016-11-12 11:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-02 09:30 - 2016-11-12 11:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-02-02 09:30 - 2016-11-12 11:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-02-02 09:30 - 2016-11-12 11:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-02 09:30 - 2016-11-12 11:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-02 09:30 - 2016-11-12 11:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-02-02 09:30 - 2016-11-12 11:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-02-02 09:30 - 2016-11-12 11:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-02 09:30 - 2016-11-12 11:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-02 09:30 - 2016-11-12 11:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-02-02 09:30 - 2016-11-12 11:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-02-02 09:30 - 2016-11-12 11:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-02 09:30 - 2016-11-12 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-02-02 09:30 - 2016-11-12 10:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-02 09:30 - 2016-11-12 10:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-02 09:30 - 2016-11-12 10:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-02 09:30 - 2016-11-12 10:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-02-02 09:30 - 2016-11-12 10:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-02 09:30 - 2016-09-15 07:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-02-02 09:30 - 2016-08-21 06:05 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-02-02 09:29 - 2017-01-05 10:46 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-02 09:29 - 2017-01-05 10:46 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-02 09:29 - 2017-01-05 10:43 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-02 09:29 - 2017-01-05 10:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-02 09:29 - 2017-01-05 10:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-02 09:29 - 2017-01-05 10:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-02 09:29 - 2017-01-05 10:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-02 09:29 - 2017-01-05 10:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-02 09:29 - 2017-01-05 10:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-02 09:29 - 2017-01-05 10:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-02 09:29 - 2017-01-05 10:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-02 09:29 - 2017-01-05 10:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-02 09:29 - 2016-11-20 09:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-02 09:29 - 2016-11-20 07:07 - 00373896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-02 09:29 - 2016-11-17 09:27 - 00250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-02-02 09:29 - 2016-11-14 15:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-02 09:29 - 2016-11-12 11:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-02 09:29 - 2016-11-12 11:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-02 09:29 - 2016-11-12 11:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-02 09:29 - 2016-11-12 11:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-02 09:29 - 2016-11-12 10:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-02-02 09:29 - 2016-11-12 10:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-02 09:29 - 2016-11-12 10:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-02-02 09:29 - 2016-11-12 10:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-02-02 09:29 - 2016-11-12 10:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-02 09:29 - 2016-11-12 10:38 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-02 09:29 - 2016-11-12 10:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-02 09:29 - 2016-11-12 10:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-02 09:29 - 2016-11-12 10:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-02 09:29 - 2016-11-12 10:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-02 09:29 - 2016-11-10 09:19 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-02 09:29 - 2016-11-09 09:24 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-02 09:29 - 2016-11-09 09:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-02 09:29 - 2016-11-09 09:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-02 09:29 - 2016-11-09 09:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-02 09:29 - 2016-11-09 09:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-02 09:29 - 2016-11-09 09:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-02-02 09:29 - 2016-11-09 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-02-02 09:29 - 2016-11-09 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-02-02 09:29 - 2016-11-06 09:16 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-02 09:29 - 2016-11-06 08:55 - 02399744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-02 09:29 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-02 09:29 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-02 09:29 - 2016-11-02 08:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-02 09:29 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-02 09:29 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-02 09:29 - 2016-10-27 08:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-02-02 09:29 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-02 09:29 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-02 09:29 - 2016-10-11 08:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-02-02 09:29 - 2016-10-11 08:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-02 09:29 - 2016-10-11 08:21 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-02-02 09:29 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-02-02 09:29 - 2016-10-11 08:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-02-02 09:29 - 2016-10-11 08:18 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-02-02 09:29 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-02-02 09:29 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-02-02 09:29 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-02-02 09:29 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-02-02 09:29 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-02-02 09:29 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-02-02 09:29 - 2016-10-11 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-02 09:29 - 2016-10-11 08:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-02 09:29 - 2016-10-11 07:55 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-02-02 09:29 - 2016-10-11 07:55 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-02-02 09:29 - 2016-10-11 07:55 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-02-02 09:29 - 2016-10-11 07:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-02-02 09:29 - 2016-10-11 07:53 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-02-02 09:29 - 2016-10-11 07:51 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-02-02 09:29 - 2016-10-11 07:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-02 09:29 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-02 09:29 - 2016-10-11 06:18 - 00419648 _____ C:\Windows\system32\locale.nls
2017-02-02 09:29 - 2016-10-08 06:05 - 00534600 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-02 09:29 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-02 09:29 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-02 09:29 - 2016-10-07 08:12 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2017-02-02 09:29 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-02 09:29 - 2016-10-05 07:50 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-02 09:29 - 2016-10-04 08:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-02 09:29 - 2016-10-04 08:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-02 09:29 - 2016-10-04 08:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-02-02 09:29 - 2016-10-04 08:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-02-02 09:29 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-02 09:29 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-02 09:29 - 2016-09-12 12:08 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-02 09:29 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-02 09:29 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-02-02 09:29 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-02-02 09:29 - 2016-09-08 07:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-02 09:29 - 2016-09-08 07:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-02 09:29 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-02-02 09:29 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-02-02 09:29 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-02-02 09:29 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-02-02 09:29 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-02-02 09:29 - 2016-08-12 09:21 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-02-02 09:29 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-02-02 09:29 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-02-02 09:29 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-02-02 09:29 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-02-02 09:29 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-02-02 09:29 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-02-02 09:29 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-02-02 09:29 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-02-02 09:29 - 2016-06-14 08:25 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-02-02 09:29 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-02-02 09:29 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-02-02 09:29 - 2016-06-14 08:17 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-02-02 09:29 - 2016-06-14 08:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-02-02 09:29 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-02-02 09:29 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-02-02 09:29 - 2016-06-14 08:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-02-02 09:29 - 2016-06-14 07:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-02-02 09:29 - 2016-06-14 07:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-02-02 09:29 - 2016-06-14 07:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-02-02 09:27 - 2016-08-16 13:27 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-02-02 09:27 - 2016-08-16 13:27 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-02-02 09:27 - 2016-08-16 13:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-02-02 09:27 - 2016-08-16 13:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-02-02 09:27 - 2016-08-16 13:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-02-02 09:27 - 2016-08-16 13:26 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-02-02 09:27 - 2016-08-16 13:26 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-02-02 09:26 - 2016-03-06 11:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-02-02 09:26 - 2016-03-06 11:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-02-02 09:26 - 2015-12-08 14:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-02-02 09:26 - 2015-12-08 14:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-02-02 09:26 - 2015-12-08 14:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2017-02-02 09:26 - 2015-12-08 14:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2017-02-02 09:26 - 2015-12-08 14:54 - 01202688 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2017-02-02 09:26 - 2015-12-08 14:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2017-02-02 09:26 - 2015-12-08 14:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2017-02-02 09:26 - 2015-12-08 14:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2017-02-02 09:26 - 2015-12-08 14:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-02-02 09:26 - 2015-12-08 14:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2017-02-02 09:26 - 2015-12-08 14:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2017-02-02 09:26 - 2015-12-08 14:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2017-02-02 09:26 - 2015-12-08 14:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2017-02-02 09:26 - 2015-12-08 14:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2017-02-02 09:26 - 2015-12-08 14:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2017-02-02 09:26 - 2015-12-08 14:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2017-02-02 09:26 - 2015-12-08 14:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2017-02-02 09:26 - 2015-12-08 14:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2017-02-02 09:26 - 2015-12-08 14:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2017-02-02 09:26 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2017-02-02 09:26 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2017-02-02 09:26 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2017-02-02 09:26 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-02-02 09:26 - 2015-12-08 14:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-02-02 09:26 - 2015-12-08 14:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2017-02-02 09:26 - 2015-12-08 14:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2017-02-02 09:26 - 2015-12-08 14:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-02-02 09:26 - 2015-12-08 14:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2017-02-02 09:26 - 2015-12-08 14:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2017-02-02 09:26 - 2015-12-08 14:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2017-02-02 09:26 - 2015-12-08 14:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2017-02-02 09:26 - 2015-12-08 14:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2017-02-02 09:26 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2017-02-02 09:26 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2017-02-02 09:26 - 2015-11-13 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2017-02-02 09:25 - 2016-05-13 14:50 - 02945536 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-02-02 09:25 - 2016-05-13 14:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-02-02 09:25 - 2016-05-13 14:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-02-02 09:25 - 2016-05-13 14:39 - 02060288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-02-02 09:25 - 2016-05-13 14:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-02-02 09:25 - 2016-05-13 14:38 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-02-02 09:25 - 2016-05-13 14:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-02-02 09:25 - 2016-05-13 14:38 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-02-02 09:25 - 2016-05-13 14:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-02-02 09:25 - 2016-05-13 14:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-02-02 09:25 - 2016-05-13 14:38 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-02-02 09:25 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-02-02 09:23 - 2016-02-05 11:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2017-02-02 09:23 - 2016-02-05 10:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2017-02-02 09:23 - 2016-01-11 11:54 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-02-02 09:23 - 2015-11-19 07:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-02-02 09:23 - 2015-11-19 07:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-02-02 09:23 - 2015-11-05 12:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2017-02-02 09:23 - 2015-11-05 02:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-02-02 09:23 - 2015-06-03 13:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-02-02 09:22 - 2015-07-14 19:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2017-02-02 09:21 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-02-02 09:21 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-02-02 09:21 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-02-02 09:21 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-02-02 09:21 - 2016-05-11 07:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-02-02 08:38 - 2016-04-08 23:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-02-02 08:38 - 2016-04-08 23:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-02-02 08:38 - 2016-04-08 23:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-02-01 17:05 - 2017-02-01 17:09 - 00000000 ____D C:\Users\Harold\Desktop\Windows updates
2017-02-01 16:52 - 2017-02-01 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
2017-02-01 16:52 - 2017-02-01 16:52 - 00000000 ____D C:\Program Files\Western Digital Corporation
2017-02-01 16:52 - 2016-10-19 09:53 - 00595251 _____ (Western Digital Corporation ) C:\Users\Harold\Desktop\setup.exe
2017-02-01 16:50 - 2017-02-01 16:50 - 00619792 _____ C:\Users\Harold\Downloads\WinDlg_v1_31.zip
2017-02-01 16:47 - 2017-02-01 16:47 - 00231760 _____ C:\Users\Harold\Downloads\CrucialScan.exe
2017-02-01 16:38 - 2017-02-01 16:38 - 00002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2017-02-01 16:38 - 2017-02-01 16:38 - 00000000 ____D C:\Program Files\Belarc
2017-02-01 16:37 - 2017-02-01 16:37 - 03347040 _____ C:\Users\Harold\Downloads\advisorinstaller.exe
2017-02-01 16:33 - 2017-02-01 16:36 - 00000906 __RSH C:\ProgramData\ntuser.pol
2017-02-01 16:21 - 2017-02-01 16:21 - 00000694 __RSH C:\Users\Harold\ntuser.pol
2017-02-01 16:09 - 2017-02-01 16:28 - 00000000 ____D C:\Users\Harold\AppData\Local\ElevatedDiagnostics
2017-02-01 15:40 - 2017-02-01 15:40 - 00000000 ____D C:\Users\Harold\AppData\LocalLow\Adobe
2017-02-01 15:40 - 2017-02-01 15:40 - 00000000 ____D C:\Users\Harold\AppData\Local\CEF
2017-02-01 15:38 - 2017-02-01 15:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-01 15:08 - 2017-02-01 15:19 - 00000000 ____D C:\AdwCleaner
2017-02-01 14:35 - 2017-02-01 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-01 14:35 - 2017-02-01 14:35 - 00000000 ____D C:\Program Files\CCleaner
2017-02-01 14:27 - 2017-02-03 14:09 - 00000000 ____D C:\Users\Harold\AppData\LocalLow\Mozilla
2017-02-01 14:14 - 2017-02-01 16:23 - 00046427 _____ C:\Windows\system32\PCPELog.txt
2017-02-01 14:08 - 2017-02-01 14:08 - 00152512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-01 14:07 - 2017-02-03 12:39 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-01 14:07 - 2017-02-01 16:27 - 00219584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-01 14:07 - 2017-02-01 16:27 - 00094656 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-01 14:07 - 2017-02-01 16:27 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-01 14:06 - 2017-02-01 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-01 14:06 - 2017-02-01 14:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-01 14:06 - 2017-02-01 14:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-01 14:06 - 2017-01-20 07:47 - 00059976 _____ C:\Windows\system32\Drivers\mbae.sys
2017-02-01 13:54 - 2017-02-01 13:54 - 00000000 ____D C:\Windows\system32\Adobe
2017-02-01 13:52 - 2017-02-01 13:52 - 00000000 ____D C:\Users\Harold\AppData\Roaming\Sun
2017-02-01 13:52 - 2017-02-01 13:52 - 00000000 ____D C:\Program Files\Common Files\Java
2017-02-01 13:48 - 2017-02-01 13:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-02-01 13:48 - 2017-02-01 13:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-02-01 13:48 - 2017-02-01 13:48 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-02-01 13:47 - 2017-02-01 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-01 13:45 - 2017-02-01 13:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-02-01 13:37 - 2017-02-01 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\APC
2017-02-01 13:31 - 2017-02-01 13:31 - 00000000 ____D C:\Program Files\APC
2017-02-01 13:30 - 2017-02-01 13:30 - 13923704 _____ (Schneider Electric) C:\Users\Harold\PCPE Setup.exe
2017-02-01 13:30 - 2017-02-01 13:30 - 13338112 _____ C:\Users\Harold\PCPE_3.0.1.msi
2017-02-01 13:30 - 2017-02-01 13:30 - 01079808 _____ (Microsoft Corporation) C:\Users\Harold\mfc80u.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00626688 _____ (Microsoft Corporation) C:\Users\Harold\msvcr80.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00021880 _____ (Schneider Electric) C:\Users\Harold\grm_res.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00021880 _____ (Schneider Electric) C:\Users\Harold\fr_res.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00021368 _____ (Schneider Electric) C:\Users\Harold\pt_res.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00021368 _____ (Schneider Electric) C:\Users\Harold\it_res.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00021368 _____ (Schneider Electric) C:\Users\Harold\es_res.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00021368 _____ (Schneider Electric) C:\Users\Harold\en_res.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00020856 _____ (Schneider Electric) C:\Users\Harold\ru_res.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00020344 _____ (Schneider Electric) C:\Users\Harold\jp_res.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00019832 _____ (Schneider Electric) C:\Users\Harold\zh_res.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00018808 _____ C:\Users\Harold\ResourceReader.dll
2017-02-01 13:30 - 2017-02-01 13:30 - 00000550 _____ C:\Users\Harold\Microsoft.VC80.MFC.manifest
2017-02-01 13:30 - 2017-02-01 13:30 - 00000522 _____ C:\Users\Harold\Microsoft.VC80.CRT.manifest
2017-02-01 13:30 - 2017-02-01 13:30 - 00000025 _____ C:\Users\Harold\dotnetfolder.txt
2017-01-28 12:05 - 2017-01-28 12:05 - 00258552 _____ C:\Users\Harold\Documents\Dana Ranch Invoice.pdf
2017-01-17 16:54 - 2017-01-17 16:54 - 00601704 _____ C:\Users\Harold\Desktop\2017 Lincoln BPY price list.pdf
2017-01-16 17:05 - 2017-01-16 17:05 - 03252467 _____ C:\Users\Harold\Desktop\FWP solicitation 2017 Wooden Fence Materials.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-03 14:09 - 2015-03-27 13:19 - 00000000 ____D C:\Exchange
2017-02-03 14:08 - 2015-03-26 21:53 - 00000000 ____D C:\Users\Harold
2017-02-03 14:03 - 2009-07-13 21:34 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-03 14:03 - 2009-07-13 21:34 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-03 13:48 - 2015-06-30 08:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-02 23:28 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2017-02-02 18:51 - 2009-07-13 21:33 - 00501776 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-02 15:49 - 2015-03-27 13:13 - 00000000 ____D C:\admin
2017-02-02 12:34 - 2009-07-13 21:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-02 12:22 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\Dism
2017-02-02 12:22 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-02 11:41 - 2015-03-30 18:55 - 00000000 ____D C:\Windows\system32\MRT
2017-02-02 11:37 - 2015-03-30 18:54 - 133456224 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-01 16:33 - 2010-11-20 14:01 - 00851110 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-01 16:33 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\inf
2017-02-01 16:25 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-01 16:23 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\NDF
2017-02-01 16:20 - 2009-07-13 19:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-01 15:41 - 2015-03-27 05:41 - 00000000 ____D C:\ProgramData\Adobe
2017-02-01 15:40 - 2015-03-27 05:42 - 00000000 ____D C:\Users\Harold\AppData\Roaming\Adobe
2017-02-01 15:40 - 2015-03-27 05:42 - 00000000 ____D C:\Users\Harold\AppData\Local\Adobe
2017-02-01 15:37 - 2015-03-27 05:41 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-02-01 15:36 - 2015-03-27 05:41 - 00000000 ____D C:\Program Files\Adobe
2017-02-01 15:33 - 2015-06-30 08:52 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-02-01 15:33 - 2015-06-30 08:52 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-02-01 15:33 - 2015-03-30 22:04 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-01 15:20 - 2015-03-26 21:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-01 14:36 - 2015-04-20 16:22 - 00000000 ____D C:\Windows\Minidump
2017-02-01 14:36 - 2015-03-26 22:41 - 00000000 ____D C:\Windows\Panther
2017-02-01 14:25 - 2015-07-23 18:45 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-01 14:25 - 2015-06-02 08:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-02-01 14:25 - 2015-03-26 21:58 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-01 13:54 - 2015-06-26 14:52 - 00000000 ____D C:\Program Files\Java
2017-02-01 13:53 - 2015-06-26 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-01 13:51 - 2015-06-26 14:52 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-01-21 10:10 - 2015-03-27 14:41 - 00000000 ____D C:\QUARANTINE
 
==================== Files in the root of some directories =======
 
2015-07-23 19:19 - 2015-07-23 19:19 - 0000000 _____ () C:\Users\Harold\AppData\Local\Temp.dat
2015-04-14 16:01 - 2015-04-14 16:01 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Harold\en_res.dll
C:\Users\Harold\es_res.dll
C:\Users\Harold\fr_res.dll
C:\Users\Harold\grm_res.dll
C:\Users\Harold\it_res.dll
C:\Users\Harold\jp_res.dll
C:\Users\Harold\mfc80u.dll
C:\Users\Harold\msvcr80.dll
C:\Users\Harold\PCPE Setup.exe
C:\Users\Harold\pt_res.dll
C:\Users\Harold\ResourceReader.dll
C:\Users\Harold\ru_res.dll
C:\Users\Harold\zh_res.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-02 00:22
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,454 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:33 PM

Posted 10 February 2017 - 10:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM\...\Run: [] => [X]
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55375;https=127.0.0.1:55375
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
U3 mfeavfk01; no ImagePath
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.


If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Please let me know what problem persists with this computer.
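An added example (not part of the thread and not FRST's own code): a small Python triage that sorts FRST-style lines like those in the fixlist above into policy restrictions, proxy settings that point at a loopback address, services without an ImagePath, and COM registrations whose file is missing. The sample lines are copied from this thread; the function names and category labels are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "category subject detail")

# Line shapes taken from the FRST output quoted in this thread.
ATTENTION = re.compile(r"^(?P<subject>.+?)\s*<=+\s*ATTENTION\s*$")
PROXY_ENABLE = re.compile(r"^ProxyEnable:\s*\[(?P<hive>[^\]]+)\]\s*=>\s*Proxy is enabled")
PROXY_SERVER = re.compile(r"^ProxyServer:\s*\[(?P<hive>[^\]]+)\]\s*=>\s*(?P<value>.+)$")
ORPHAN_COM = re.compile(r"^CustomCLSID:\s*(?P<key>\S+)\s*->\s*(?P<path>.+?)\s*=>\s*No File$")
SERVICE_NO_IMAGE = re.compile(r"^[A-Z]\d\s+(?P<name>[^;]+);\s*no ImagePath$")

# Sample input: lines copied from the fixlist and post in this thread.
SAMPLE = r"""
HKLM\...\Run: [] => [X]
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55375;https=127.0.0.1:55375
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
U3 mfeavfk01; no ImagePath
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CHR dev: Chrome dev build detected! <======= ATTENTION
"""


def parse_proxy_value(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    Handles "host:port" (one proxy for every protocol) and the
    per-protocol form "http=host:port;https=host:port".
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:  # no "scheme=" prefix: the proxy applies to all protocols
            scheme, endpoint = "all", part
        host, colon, port = endpoint.rpartition(":")
        if not colon:  # no port given
            host, port = endpoint, ""
        entries.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for localhost and loopback IP literals (127.0.0.0/8, ::1)."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def triage(lines):
    """Return a Finding for every line that matches a known shape."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = ATTENTION.match(line)
        if m:
            target, sep, _ = m["subject"].partition(": Restriction")
            category = "policy-restriction" if sep else "attention"
            findings.append(Finding(category, target if sep else m["subject"], ""))
            continue
        m = PROXY_ENABLE.match(line)
        if m:
            findings.append(Finding("proxy-enabled", m["hive"], ""))
            continue
        m = PROXY_SERVER.match(line)
        if m:
            for scheme, host, port in parse_proxy_value(m["value"]):
                category = "proxy-loopback" if is_loopback(host) else "proxy-remote"
                findings.append(Finding(category, m["hive"], f"{scheme} -> {host}:{port}"))
            continue
        m = ORPHAN_COM.match(line)
        if m:
            findings.append(Finding("orphan-com", m["key"], m["path"]))
            continue
        m = SERVICE_NO_IMAGE.match(line)
        if m:
            findings.append(Finding("service-no-image", m["name"].strip(), ""))
    return findings


def summarize(findings):
    """Count findings per category."""
    return Counter(f.category for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f"{f.category:20} {f.subject} {f.detail}")
```
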

#3 Montana Mad Dog


Posted 10 February 2017 - 05:04 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 10-02-2017
Ran by Harold (10-02-2017 14:50:18) Run:1
Running from C:\Users\Harold\Downloads\PFT
Loaded Profiles: Harold (Available Profiles: Harold)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM\...\Run: [] => [X]
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:55375;https=127.0.0.1:55375
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
U3 mfeavfk01; no ImagePath
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File

End
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\mfeavfk01 => key removed successfully.
mfeavfk01 => service removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F} => key removed successfully.
HKU\S-1-5-21-2063570735-2526139309-3842908376-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313} => key removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8664417 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 6369023 B
Edge => 0 B
Chrome => 29798776 B
Firefox => 13589708 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 69938 B
LocalService => 125382 B
NetworkService => 79816 B
Harold => 33327124 B

RecycleBin => 16959032 B
EmptyTemp: => 111.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:52:21 ====



#4 Montana Mad Dog


Posted 10 February 2017 - 05:46 PM

Windows Update is now working well.  Thank you.

 

Still can't browse to some secure sites on the browser (irs.gov).

 

This may be a modem/router/ISP issue?  The ISP is sending us a new modem/router because this one has two dead LAN ports, so maybe the issue will be resolved with it.

 

Are there any other recommendations to get the secure browsing fixed?



#5 nasdaq


Posted 11 February 2017 - 08:54 AM

Check these recommendations.

https://www.irs.gov/individuals/system-requirements

Edited by nasdaq, 12 February 2017 - 09:10 AM.


#6 Montana Mad Dog


Posted 11 February 2017 - 11:05 AM

I will check those requirements when I get back to that computer next week.

 

Will post to let you know my results.

 

Thanks...have a good weekend.



#7 nasdaq


Posted 17 February 2017 - 08:47 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#8 Montana Mad Dog


Posted 17 February 2017 - 11:47 AM

All is well.  Thank you.





