
In Firefox keep seeing popups, links redirected and homepage changed


17 replies to this topic

#1 damien_karras


Posted 04 March 2017 - 02:43 AM

I generated this log on behalf of a busy friend who claims to have been infected by a virus. She claims that when she opens her Firefox browser, the result is insane amounts of pop-ups and redirected links. I didn't open Firefox myself personally to confirm this. I just generated the reports using HijackThis and FRST64. Anyway, here are the results. If anyone here has a free moment to take a look I would appreciate it:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-03-2017
Ran by Annette (administrator) on ANNETTE-HP (04-03-2017 02:23:37)
Running from F:\
Loaded Profiles: Annette (Available Profiles: Annette)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
Failed to access process -> HijackThis.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1473024 2016-10-21] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3485294070-3855434222-705467683-1001\...\MountPoints2: {8c26d434-bafa-11e6-bc82-68b59964825f} - G:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{44188F45-889E-46E2-A000-151CFA506B97}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3485294070-3855434222-705467683-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3485294070-3855434222-705467683-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {66088B74-D4B2-4950-A068-2D9A774923A4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {A5B3734C-DA70-4D26-95E8-31553AA8DB5D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {AC593F5D-410E-4519-B9B4-F994A27231CC} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {66088B74-D4B2-4950-A068-2D9A774923A4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {A5B3734C-DA70-4D26-95E8-31553AA8DB5D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {AC593F5D-410E-4519-B9B4-F994A27231CC} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3485294070-3855434222-705467683-1001 -> DefaultScope {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3485294070-3855434222-705467683-1001 -> {66088B74-D4B2-4950-A068-2D9A774923A4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3485294070-3855434222-705467683-1001 -> {A5B3734C-DA70-4D26-95E8-31553AA8DB5D} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-3485294070-3855434222-705467683-1001 -> {AC593F5D-410E-4519-B9B4-F994A27231CC} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3485294070-3855434222-705467683-1001 -> {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-15] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-15] (Sun Microsystems, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc.)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-11-18] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\pahlufw2.default-1487371187687 [2017-03-03]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\Profiles\pahlufw2.default-1487371187687\features\{9e484855-f122-4c14-a73c-ee7503b57bc2}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-02-17] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-15] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Google Slides) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-15]
CHR Extension: (Google Docs) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-15]
CHR Extension: (Google Drive) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-15]
CHR Extension: (YouTube) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-15]
CHR Extension: (Google Sheets) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-15]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-02-15]
CHR Extension: (Google Docs Offline) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-15]
CHR Extension: (Gmail) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-15]
CHR Extension: (Chrome Media Router) - C:\Users\Annette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-19] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-19] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-08-02] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2017-02-16] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2017-02-16] (Macrovision Europe Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S4 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-30] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28933976 2006-04-14] (Microsoft Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [445600 2017-02-09] (Optimal Software s.r.o.) <==== ATTENTION
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-17] (Realtek Semiconductor Corp.) [File not signed]
R2 SCService; C:\Program Files (x86)\PC Speed Up\SpeedCheckerService.exe [79520 2017-02-09] (Optimal Software s.r.o.) <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
S3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 02:23 - 2017-03-04 02:23 - 00000000 ____D C:\FRST
2017-03-03 22:12 - 2017-03-03 22:12 - 3076445380 _____ C:\Windows\MEMORY.DMP
2017-03-03 22:12 - 2017-03-03 22:12 - 00280272 _____ C:\Windows\Minidump\030317-19016-01.dmp
2017-03-03 20:46 - 2017-03-03 20:46 - 00119720 _____ C:\Users\Annette\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-03 20:40 - 2017-03-03 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-03 20:07 - 2017-03-03 21:18 - 00000344 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2017-03-03 20:07 - 2017-03-03 20:07 - 00002724 _____ C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2017-03-03 20:07 - 2017-03-03 20:07 - 00001048 _____ C:\Users\Annette\Desktop\PC Speed Up.lnk
2017-03-03 20:07 - 2017-03-03 20:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2017-03-03 20:06 - 2017-03-04 02:01 - 00000000 ____D C:\Program Files (x86)\PC Speed Up
2017-03-03 20:04 - 2017-03-03 20:10 - 00000000 ____D C:\Users\Annette\AppData\Local\FindIp
2017-03-03 19:51 - 2017-03-03 19:53 - 00440104 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-17 18:52 - 2017-02-17 18:52 - 00001405 _____ C:\Users\Public\Desktop\Google Cloud Print Setup.lnk
2017-02-17 18:47 - 2017-03-04 01:47 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {B35C0B14-93F8-4851-9F83-57FBC37B2B5E}.job
2017-02-17 18:47 - 2017-03-04 01:47 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {AB9F4488-66A8-4C53-9C82-A58575E79813}.job
2017-02-17 18:47 - 2017-03-04 01:47 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {B35C0B14-93F8-4851-9F83-57FBC37B2B5E}.job
2017-02-17 18:47 - 2017-03-04 01:47 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {AB9F4488-66A8-4C53-9C82-A58575E79813}.job
2017-02-17 18:47 - 2017-02-17 18:47 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-3640 Series Update {B35C0B14-93F8-4851-9F83-57FBC37B2B5E}
2017-02-17 18:47 - 2017-02-17 18:47 - 00003978 _____ C:\Windows\System32\Tasks\EPSON WF-3640 Series Update {AB9F4488-66A8-4C53-9C82-A58575E79813}
2017-02-17 18:47 - 2017-02-17 18:47 - 00003792 _____ C:\Windows\System32\Tasks\EPSON WF-3640 Series Invitation {B35C0B14-93F8-4851-9F83-57FBC37B2B5E}
2017-02-17 18:47 - 2017-02-17 18:47 - 00003792 _____ C:\Windows\System32\Tasks\EPSON WF-3640 Series Invitation {AB9F4488-66A8-4C53-9C82-A58575E79813}
2017-02-17 18:02 - 2017-02-17 18:02 - 00000165 _____ C:\Users\Public\Desktop\Epson WF-3640 User’s Guide.url
2017-02-17 18:01 - 2017-02-17 18:01 - 00000000 ____D C:\Program Files\EPSON
2017-02-17 18:00 - 2017-02-17 18:00 - 00000930 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2017-02-17 18:00 - 2017-02-17 18:00 - 00000000 ____D C:\Program Files\EpsonNet
2017-02-17 18:00 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2017-02-17 18:00 - 2012-05-17 00:00 - 00144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2017-02-17 17:54 - 2017-02-17 17:55 - 20686840 _____ C:\Users\Annette\Downloads\epson18657.exe
2017-02-17 17:53 - 2017-02-17 17:55 - 160417720 _____ C:\Users\Annette\Downloads\epson15405.exe
2017-02-17 17:39 - 2017-02-17 17:39 - 00000000 ____D C:\Users\Annette\Desktop\Old Firefox Data
2017-02-17 17:09 - 2017-02-17 17:09 - 00000000 ____D C:\Users\Annette\Documents\Add-in Express
2017-02-17 14:55 - 2017-02-17 14:55 - 00002044 _____ C:\Users\Public\Desktop\McAfee Multi Access - Total Protection.lnk
2017-02-17 14:54 - 2017-03-04 02:02 - 00000000 __RSD C:\Users\Annette\Documents\McAfee Vaults
2017-02-17 14:54 - 2017-02-17 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-17 14:54 - 2017-02-17 14:54 - 00000000 ____D C:\Users\Annette\AppData\Local\McAfee File Lock
2017-02-17 14:54 - 2016-08-01 19:39 - 00087928 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2017-02-17 14:53 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2017-02-17 14:52 - 2017-02-17 14:52 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-17 14:52 - 2017-02-17 14:52 - 00000000 ____D C:\ProgramData\Intel Security
2017-02-17 14:51 - 2017-02-17 14:51 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-02-17 14:50 - 2017-02-17 14:54 - 00000000 ____D C:\Program Files\McAfee
2017-02-17 14:50 - 2017-02-17 14:50 - 00000000 ____D C:\Program Files\McAfee.com
2017-02-17 14:50 - 2017-02-17 14:50 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-02-17 14:49 - 2017-03-03 22:13 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-17 14:49 - 2017-02-17 15:50 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-02-17 14:49 - 2017-02-17 14:49 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-17 14:41 - 2017-02-17 14:53 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-02-17 14:41 - 2017-02-17 14:41 - 08561256 _____ (McAfee, Inc.) C:\Users\Annette\Downloads\Setup_serial_Fii_Qs_zyQm5Tw1-zFdxow2_key.exe
2017-02-17 14:41 - 2016-09-08 15:15 - 00331280 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 ____D C:\Users\Annette\AppData\Local\AnonymizerLauncher
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 ____D C:\Users\Annette\.proxycheck
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 ____D C:\Users\Annette\.AnonymizerLauncher
2017-02-17 14:29 - 2017-02-17 14:29 - 00000000 _____ C:\Windows\system32\__0000000141F6C8AD__C0000005.dmp
2017-02-17 14:27 - 2017-02-17 14:36 - 00000000 ____D C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-02-17 14:27 - 2017-02-17 14:29 - 00000000 ____D C:\Windows\system32\SSL
2017-02-17 14:26 - 2017-02-17 14:34 - 00000000 ____D C:\Users\Annette\AppData\Roaming\AGData
2017-02-17 14:26 - 2017-02-17 14:34 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-02-17 14:26 - 2017-02-17 14:33 - 00000000 ____D C:\Users\Annette\AppData\Local\AppTrailers
2017-02-17 14:26 - 2017-02-17 14:26 - 00020480 _____ C:\Users\Annette\AppData\Local\ffdvox.dll
2017-02-17 14:26 - 2017-02-17 14:26 - 00000000 ____D C:\Users\Annette\AppData\Roaming\InstantSupport
2017-02-17 14:25 - 2017-03-03 20:04 - 00000000 ____D C:\ProgramData\vCore
2017-02-17 14:25 - 2017-02-17 14:26 - 00000000 ____D C:\Program Files (x86)\InstallPrepared
2017-02-17 14:25 - 2017-02-17 14:25 - 00001437 ___RS C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Еxрlorеr.lnk
2017-02-17 14:25 - 2017-02-17 14:25 - 00001255 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firеfоx.lnk
2017-02-17 14:25 - 2017-02-17 14:25 - 00001253 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Chrоme.lnk
2017-02-17 14:25 - 2017-02-17 14:25 - 00001225 ___RS C:\Users\Public\Desktop\Моzillа Firеfoх.lnk
2017-02-17 14:25 - 2017-02-17 14:25 - 00001090 _____ C:\Users\Annette\Desktop\Play Warframe.lnk
2017-02-17 14:25 - 2017-02-17 14:25 - 00000000 ____D C:\Users\Annette\AppData\Roaming\SPI
2017-02-17 14:25 - 2017-02-17 14:25 - 00000000 ____D C:\Users\Annette\AppData\Roaming\Browsers
2017-02-17 14:25 - 2016-03-24 09:09 - 00000181 _____ C:\Users\Annette\Desktop\Video Box - Download any video online.url
2017-02-17 14:23 - 2017-02-17 17:10 - 00000000 ____D C:\ProgramData\WinZip
2017-02-17 14:23 - 2017-02-17 14:23 - 00000000 ____D C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
2017-02-17 14:22 - 2017-02-17 14:22 - 00000000 ____D C:\ProgramData\UniqueId
2017-02-17 14:21 - 2017-02-17 14:21 - 00943150 _____ C:\Users\Annette\Downloads\Uniblue_PowerSuite_2017_Crack_Updated.rar
2017-02-17 14:21 - 2017-02-17 14:21 - 00723024 _____ (WinZip Computing, S.L.) C:\Users\Annette\Downloads\winzip21.exe
2017-02-17 14:08 - 2017-02-17 14:08 - 01186624 _____ (Uniblue Systems Limited ) C:\Users\Annette\Downloads\powersuite.exe
2017-02-17 12:28 - 2017-02-17 12:28 - 04887847 _____ C:\Users\Annette\Downloads\10698 REV 15-334(2).pdf
2017-02-17 10:56 - 2017-02-17 10:56 - 02956983 _____ C:\Windows\4ed60126f4ec37af15d73daf941bebce.exe
2017-02-17 10:08 - 2017-02-17 10:08 - 00391127 _____ C:\Users\Annette\Downloads\L&HbcB.pdf
2017-02-17 09:55 - 2017-02-17 09:55 - 08561256 _____ (McAfee, Inc.) C:\Users\Annette\Downloads\Setup_serial_i9ILozU-l2UZFAcHoKvo7w2_key.exe
2017-02-17 09:49 - 2017-02-17 09:49 - 00244076 _____ C:\Users\Annette\Downloads\open_house.pdf
2017-02-16 12:59 - 2017-02-16 12:59 - 00234492 _____ C:\Users\Annette\Downloads\Invoice 0000008264.PDF
2017-02-16 12:47 - 2017-03-04 02:17 - 00000282 _____ C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2017-02-16 12:47 - 2017-03-04 01:59 - 00000290 _____ C:\Windows\Tasks\SpeedUpMyPC Startup.job
2017-02-16 12:47 - 2017-02-16 12:48 - 00002590 _____ C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2017-02-16 12:47 - 2017-02-16 12:47 - 00003228 _____ C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2017-02-16 12:47 - 2017-02-16 12:47 - 00001165 _____ C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2017-02-16 11:16 - 2011-02-22 18:33 - 00052736 _____ (Motorola Solutions, Inc.) C:\Windows\system32\Drivers\btmcom.sys
2017-02-16 11:15 - 2017-02-16 11:15 - 00001794 _____ C:\Users\Public\Desktop\My Bluetooth.lnk
2017-02-16 11:15 - 2017-02-16 11:15 - 00000000 ____D C:\Program Files\Motorola
2017-02-16 11:15 - 2011-03-23 12:08 - 00663936 _____ (Motorola Solutions, Inc.) C:\Windows\system32\Drivers\btmusb.sys
2017-02-16 11:15 - 2011-03-17 18:48 - 00008784 _____ (Motorola Solutions, Inc.) C:\Windows\system32\btmsstverschk.dll
2017-02-16 11:15 - 2011-02-22 18:42 - 00326736 _____ (Motorola Solutions, Inc.) C:\Windows\system32\btmcls.dll
2017-02-16 11:14 - 2017-02-16 11:14 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-02-16 11:09 - 2017-02-16 11:09 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-02-16 11:09 - 2017-02-16 11:09 - 00000000 ____D C:\Windows\system32\DAX2
2017-02-16 11:07 - 2016-10-21 04:32 - 15202040 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 03299824 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 02190984 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 01337648 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 00962128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 00873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 00601152 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 00571384 _____ (Intel Corporation) C:\Windows\system32\tbb_waves.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 00447184 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-02-16 11:07 - 2016-10-21 04:31 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-02-16 11:07 - 2016-10-21 04:30 - 01435144 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2017-02-16 11:07 - 2016-10-21 04:30 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-02-16 11:07 - 2016-10-21 04:30 - 00467168 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2017-02-16 11:07 - 2016-10-21 04:30 - 00341152 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-02-16 11:07 - 2016-10-21 04:30 - 00341152 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2017-02-16 11:07 - 2016-10-21 04:30 - 00221968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2017-02-16 11:07 - 2016-10-21 04:30 - 00209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2017-02-16 11:07 - 2016-10-21 04:29 - 02203752 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2017-02-16 11:07 - 2016-10-21 04:29 - 01003336 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2017-02-16 11:07 - 2016-10-21 04:29 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2017-02-16 11:07 - 2016-10-21 04:29 - 00859232 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2017-02-16 11:07 - 2016-10-21 04:29 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2017-02-16 11:07 - 2016-10-21 04:29 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2017-02-16 11:07 - 2016-10-21 04:29 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 03283248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 00865920 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 00850416 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 00499160 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 00192984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-02-16 11:07 - 2016-10-21 04:28 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 06198144 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 03190560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 02819632 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 01360528 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 00447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 00134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-02-16 11:07 - 2016-10-21 04:27 - 00084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-02-16 11:07 - 2016-10-21 04:26 - 05793528 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2017-02-16 11:07 - 2016-10-21 04:26 - 05593616 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2017-02-16 11:07 - 2016-10-21 04:26 - 00923744 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2017-02-16 11:07 - 2016-10-21 04:25 - 13122584 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2017-02-16 11:07 - 2016-10-21 04:25 - 12988352 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2017-02-16 11:07 - 2016-10-21 04:25 - 01334384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2017-02-16 11:07 - 2016-10-21 04:25 - 00677672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2017-02-16 11:07 - 2016-10-21 04:24 - 23547552 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRenderAVX64.dll
2017-02-16 11:07 - 2016-10-21 04:24 - 23447360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRender64.dll
2017-02-16 11:07 - 2016-10-21 04:24 - 02825104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2017-02-16 11:07 - 2016-10-21 04:23 - 10532056 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2017-02-16 11:07 - 2016-10-21 04:23 - 01422928 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2017-02-16 11:07 - 2016-10-21 04:23 - 01213664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2017-02-16 11:07 - 2016-10-21 04:23 - 01166168 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2017-02-16 11:07 - 2016-10-21 04:23 - 00678184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2017-02-16 11:07 - 2016-10-21 04:23 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2017-02-16 11:07 - 2016-10-21 04:23 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2017-02-16 11:07 - 2016-10-21 04:22 - 03295072 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2017-02-16 11:07 - 2016-10-21 04:22 - 00472312 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2017-02-16 11:07 - 2016-10-21 04:22 - 00366128 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2017-02-16 11:07 - 2016-10-21 04:22 - 00360352 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2017-02-16 11:07 - 2016-10-21 04:22 - 00203848 _____ (Harman) C:\Windows\system32\HMHVS.dll
2017-02-16 11:07 - 2016-10-21 04:22 - 00190944 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2017-02-16 11:07 - 2016-10-21 04:22 - 00190936 _____ (Harman) C:\Windows\system32\HMEQ.dll
2017-02-16 11:07 - 2016-10-21 04:22 - 00179608 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2017-02-16 11:07 - 2016-10-21 04:14 - 02110600 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2017-02-16 11:07 - 2016-10-21 04:13 - 05371912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-02-16 11:07 - 2016-10-21 04:13 - 03203584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-02-16 11:07 - 2016-10-21 04:13 - 03014152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-02-16 11:07 - 2016-10-21 04:13 - 00258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-02-16 11:07 - 2016-10-21 04:12 - 72520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-02-16 11:07 - 2016-10-21 04:12 - 02201096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-02-16 11:07 - 2016-10-21 04:12 - 00023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-02-16 11:07 - 2016-10-21 04:11 - 14057256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2017-02-16 11:07 - 2016-10-21 04:11 - 01003864 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2017-02-16 11:07 - 2016-10-21 04:10 - 02050184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2017-02-16 11:07 - 2016-10-21 04:10 - 01186824 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2017-02-16 11:07 - 2016-10-21 04:10 - 00372744 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2017-02-16 11:07 - 2016-10-21 04:10 - 00154368 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2017-02-16 11:07 - 2016-10-21 04:06 - 17398624 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioCapture64.dll
2017-02-16 11:07 - 2016-10-21 04:06 - 02706864 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-02-16 11:07 - 2016-10-21 04:06 - 01041744 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-02-16 11:07 - 2016-10-21 04:06 - 00999864 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2017-02-16 11:07 - 2016-10-21 04:06 - 00721808 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2017-02-16 11:07 - 2016-10-21 04:06 - 00381416 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2017-02-16 11:07 - 2016-10-21 04:06 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-02-16 11:07 - 2016-10-21 04:06 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2017-02-16 11:07 - 2016-10-21 04:06 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-02-16 11:07 - 2016-10-21 04:00 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-02-16 11:07 - 2016-10-21 04:00 - 00931624 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2017-02-16 11:07 - 2016-10-21 04:00 - 00416512 _____ (Harman) C:\Windows\system32\HMUI.dll
2017-02-16 11:07 - 2016-10-21 01:35 - 07310217 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-02-16 11:07 - 2016-10-21 01:35 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2017-02-16 11:07 - 2016-10-21 01:35 - 01921016 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2017-02-16 11:06 - 2016-10-21 04:22 - 00708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-02-16 11:06 - 2016-10-21 04:22 - 00428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00445400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2017-02-16 11:06 - 2016-10-21 04:21 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2017-02-16 11:06 - 2016-10-21 04:20 - 02439048 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2017-02-16 11:06 - 2016-10-21 04:20 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-02-16 11:06 - 2016-10-21 04:20 - 01959608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2017-02-16 11:06 - 2016-10-21 04:20 - 01618264 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2017-02-16 11:06 - 2016-10-21 04:20 - 01529144 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2017-02-16 11:06 - 2016-10-21 04:20 - 00362056 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2017-02-16 11:06 - 2016-10-21 04:20 - 00327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-02-16 11:06 - 2016-10-21 04:20 - 00310424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2017-02-16 11:06 - 2016-10-21 04:20 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-02-16 11:06 - 2016-10-21 04:19 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2017-02-16 11:06 - 2016-10-21 04:19 - 00438696 _____ (Conexant Systems, Inc.) C:\Windows\system32\CAF64APO2.dll
2017-02-16 11:06 - 2016-10-21 04:19 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2017-02-16 11:06 - 2016-10-21 04:09 - 01115144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2017-02-16 11:06 - 2016-10-21 04:09 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-02-16 11:06 - 2016-10-21 04:08 - 00118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-02-16 11:06 - 2016-10-21 04:08 - 00105312 _____ C:\Windows\system32\audioLibVc.dll
2017-02-16 11:06 - 2016-10-21 04:06 - 05341360 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2017-02-16 11:06 - 2016-10-21 04:06 - 00112496 _____ (Conexant Systems, Inc.) C:\Windows\system32\Caf64api.dll
2017-02-16 11:06 - 2016-10-21 04:00 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-02-16 11:06 - 2016-10-21 04:00 - 06264640 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2017-02-16 11:06 - 2016-10-21 01:34 - 00005604 _____ C:\Windows\system32\cxapo.lncs
2017-02-16 11:06 - 2016-10-21 01:34 - 00000736 _____ C:\Windows\system32\cxapo.prop
2017-02-16 10:30 - 2017-03-04 01:58 - 00000344 _____ C:\Windows\Tasks\dsmonitor.job
2017-02-16 10:30 - 2017-02-17 14:31 - 00000000 ____D C:\Users\Annette\AppData\Roaming\Uniblue
2017-02-16 10:30 - 2017-02-17 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2017-02-16 10:30 - 2017-02-17 14:31 - 00000000 ____D C:\Program Files (x86)\Uniblue
2017-02-16 10:30 - 2017-02-16 10:30 - 00002516 _____ C:\Windows\System32\Tasks\dsmonitor
2017-02-16 10:30 - 2017-02-16 10:30 - 00001189 _____ C:\Users\Public\Desktop\DriverScanner.lnk
2017-02-16 10:30 - 2017-02-16 10:30 - 00000000 ____D C:\ProgramData\Uniblue
2017-02-16 10:28 - 2017-02-16 10:28 - 08024216 _____ (Uniblue Systems Ltd ) C:\Users\Annette\Downloads\driverscanner.exe
2017-02-15 16:27 - 2017-02-15 16:27 - 01716826 _____ C:\Users\Annette\Downloads\31ZE2601.pdf
2017-02-15 15:19 - 2017-02-15 15:19 - 00142401 _____ C:\Users\Annette\Downloads\Diet Guidebook for Laparoscopic Gastric Bypass.pdf
2017-02-15 15:13 - 2017-02-15 15:13 - 01072976 _____ (SafeBytes Software Inc.) C:\Users\Annette\Downloads\DriverAssist-Setup.exe
2017-02-15 15:13 - 2017-02-15 15:13 - 01072976 _____ (SafeBytes Software Inc.) C:\Users\Annette\Downloads\DriverAssist-Setup(1).exe
2017-02-15 14:21 - 2017-02-15 14:22 - 02864387 _____ C:\Users\Annette\Downloads\BillingDocument.pdf
2017-02-15 13:01 - 2017-02-17 10:44 - 00000000 ____D C:\Program Files\CCleaner
2017-02-15 13:01 - 2017-02-15 13:01 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-15 13:01 - 2017-02-15 13:01 - 00002267 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-15 13:01 - 2017-02-15 13:01 - 00002255 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-15 13:01 - 2017-02-15 13:01 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-15 13:01 - 2017-02-15 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-15 13:00 - 2017-02-15 13:06 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 12:59 - 2017-02-15 13:08 - 00000000 ____D C:\Users\Annette\AppData\Local\Google
2017-02-15 12:59 - 2017-02-15 13:06 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-15 12:59 - 2017-02-15 13:01 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-15 12:59 - 2017-02-15 12:59 - 09207552 _____ (Piriform Ltd) C:\Users\Annette\Downloads\ccsetup525_protrial.exe
2017-02-14 14:56 - 2017-02-14 14:56 - 00311032 _____ C:\Users\Annette\Downloads\0L4102(1)
2017-02-14 11:12 - 2017-02-14 11:13 - 02689816 _____ C:\Users\Annette\Downloads\RotaryDealerLocatorOpt-In.pdf
2017-02-14 10:56 - 2017-02-14 10:56 - 06360746 _____ C:\Users\Annette\Downloads\2017 RedMax Program. Rev 1pdf.pdf
2017-02-13 14:58 - 2017-02-13 14:58 - 01453623 _____ C:\Users\Annette\Downloads\2017_SAI_CreditApplication.pdf
2017-02-13 12:57 - 2017-02-13 12:57 - 00422007 _____ C:\Users\Annette\Downloads\anj6(1).pdf
2017-02-13 12:53 - 2017-02-13 12:53 - 00060883 _____ C:\Users\Annette\Downloads\anj6_1100.pdf
2017-02-13 12:45 - 2017-02-13 12:46 - 04887847 _____ C:\Users\Annette\Downloads\10698 REV 15-334(1).pdf
2017-02-13 12:33 - 2017-02-13 12:34 - 04887847 _____ C:\Users\Annette\Downloads\10698 REV 15-334.pdf
2017-02-13 11:57 - 2017-02-13 11:57 - 00422007 _____ C:\Users\Annette\Downloads\anj6.pdf
2017-02-13 11:43 - 2017-02-13 11:43 - 00112889 _____ C:\Users\Annette\Downloads\1b0bc3.pdf
2017-02-13 10:45 - 2017-02-13 10:45 - 03831178 _____ C:\Users\Annette\Downloads\Common_QB_Mistakes.pdf
2017-02-10 14:39 - 2017-02-10 14:39 - 00235598 _____ C:\Users\Annette\Downloads\Youth Loads(1).pdf
2017-02-10 14:32 - 2017-02-10 14:32 - 09980847 _____ C:\Users\Annette\Downloads\Alliant_2014.pdf
2017-02-10 14:30 - 2017-02-10 14:30 - 06890175 _____ C:\Users\Annette\Downloads\Hercules_1992.pdf
2017-02-10 14:30 - 2017-02-10 14:30 - 00559095 _____ C:\Users\Annette\Downloads\Hercules_1987.pdf
2017-02-10 14:28 - 2017-02-10 14:28 - 11061870 _____ C:\Users\Annette\Downloads\IdealHandbook38.pdf
2017-02-10 14:28 - 2017-02-10 14:28 - 00235598 _____ C:\Users\Annette\Downloads\Youth_Loads.pdf
2017-02-10 14:27 - 2017-02-10 14:27 - 00044743 _____ C:\Users\Annette\Downloads\Hodgdon H4895 reduced rifle load.pdf
2017-02-10 14:06 - 2017-02-10 14:06 - 00091998 _____ C:\Users\Annette\Downloads\h4895-reduced-rifle-loads.pdf
2017-02-10 13:42 - 2017-02-10 13:42 - 00053080 _____ C:\Users\Annette\Downloads\Hodgdonreduced.pdf
2017-02-10 13:39 - 2017-02-10 13:39 - 00235598 _____ C:\Users\Annette\Downloads\Youth Loads.pdf
2017-02-09 03:33 - 2017-02-09 03:33 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-09 03:33 - 2017-02-09 03:33 - 00046184 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-08 14:44 - 2017-02-08 14:44 - 00044134 _____ C:\Users\Annette\Downloads\POWDER-PRESSURE-REGULATION.pdf
2017-02-08 09:08 - 2017-02-08 09:08 - 01273709 _____ C:\Users\Annette\Downloads\30-06SpringfieldV9ForWeb(1).pdf
2017-02-08 09:07 - 2017-02-08 09:08 - 01273709 _____ C:\Users\Annette\Downloads\30-06SpringfieldV9ForWeb.pdf
2017-02-07 12:44 - 2017-02-07 12:44 - 00070022 _____ C:\Users\Annette\Downloads\1b065e.pdf
2017-02-07 11:47 - 2017-02-07 11:47 - 00121187 _____ C:\Users\Annette\Downloads\ServiceSimpleStart.pdf
2017-02-07 09:55 - 2017-02-07 09:56 - 01396686 _____ C:\Users\Annette\Downloads\Manual_Engine_Diagnostic_Tool_English.pdf
2017-02-06 19:15 - 2017-02-06 19:15 - 07094347 _____ C:\Users\Annette\Downloads\Swisher_22inch_String_Trimmer.pdf
2017-02-06 18:18 - 2017-02-06 18:18 - 00937117 _____ C:\Users\Annette\Downloads\OTRIMSTD03_REV_04_096.pdf
2017-02-06 16:28 - 2017-02-06 16:28 - 00810259 _____ C:\Users\Annette\Downloads\MTD-179.pdf
2017-02-06 16:23 - 2017-02-06 16:23 - 00085696 _____ C:\Users\Annette\Downloads\mtd-137(1).pdf
2017-02-06 16:06 - 2017-02-06 16:06 - 00311032 _____ C:\Users\Annette\Downloads\0L4102
2017-02-06 15:25 - 2017-02-06 15:25 - 00066807 _____ C:\Users\Annette\Documents\img20170206_15255265.pdf
2017-02-06 15:21 - 2017-02-06 15:21 - 00119331 _____ C:\Users\Annette\Downloads\W-9 Form (Rev December 2014)(1).pdf
2017-02-06 15:04 - 2017-02-06 15:04 - 00119331 _____ C:\Users\Annette\Downloads\W-9 Form (Rev December 2014).pdf
2017-02-03 16:32 - 2017-02-03 16:32 - 00145609 _____ C:\Users\Annette\Downloads\W9(3).pdf
2017-02-03 14:28 - 2017-02-03 14:28 - 00212675 _____ C:\Users\Annette\Downloads\Document 41114.pdf
2017-02-03 14:05 - 2017-02-03 14:05 - 00502894 _____ C:\Users\Annette\Downloads\SARDINAdoc.1.pdf
2017-02-03 13:38 - 2017-02-03 13:38 - 01218192 _____ C:\Users\Annette\Downloads\Hopatcong Ambulance Squad.pdf
2017-02-03 13:31 - 2017-02-03 13:31 - 00071056 _____ C:\Users\Annette\Downloads\Rita Russomano's Party Contract 2017 (1).pdf
2017-02-03 13:31 - 2017-02-03 13:31 - 00071056 _____ C:\Users\Annette\Downloads\Rita Russomano's Party Contract 2017 (1)(1).pdf
2017-02-03 11:03 - 2017-02-03 11:03 - 00035842 _____ C:\Users\Annette\Downloads\No Insurance 2017-02-03.pdf
2017-02-03 10:19 - 2017-02-03 10:19 - 00145609 _____ C:\Users\Annette\Downloads\W9(2).pdf
2017-02-02 19:52 - 2017-02-02 19:53 - 03628857 _____ C:\Users\Annette\Downloads\769-10790.pdf
2017-02-02 19:52 - 2017-02-02 19:52 - 01139086 _____ C:\Users\Annette\Downloads\778-12284c.pdf
2017-02-02 19:43 - 2017-02-02 19:43 - 01710077 _____ C:\Users\Annette\Downloads\769-06052b.pdf
2017-02-02 19:34 - 2017-02-02 19:34 - 01593804 _____ C:\Users\Annette\Downloads\769-06052f.pdf
2017-02-02 19:32 - 2017-02-02 19:32 - 05033122 _____ C:\Users\Annette\Downloads\769-10896.pdf
2017-02-02 19:24 - 2017-02-02 19:24 - 05802872 _____ C:\Users\Annette\Downloads\769_04015_01_Small_bore_horizontal.pdf
2017-02-02 19:22 - 2017-02-02 19:22 - 00080231 _____ C:\Users\Annette\Downloads\769-11533_E.pdf
2017-02-02 19:19 - 2017-02-02 19:19 - 04161066 _____ C:\Users\Annette\Downloads\769-02087_UP_200_Snow.pdf
2017-02-02 19:18 - 2017-02-02 19:18 - 02223780 _____ C:\Users\Annette\Downloads\769-01417_SM_snow_31AS250-700.pdf
2017-02-02 19:18 - 2017-02-02 19:18 - 01837680 _____ C:\Users\Annette\Downloads\769_06345_snow_flurry.pdf
2017-02-02 19:10 - 2017-02-02 19:10 - 00085696 _____ C:\Users\Annette\Downloads\mtd-137.pdf
2017-02-02 18:48 - 2017-02-02 18:48 - 00104419 _____ C:\Users\Annette\Downloads\1afe3f.pdf
2017-02-02 14:14 - 2017-02-02 14:14 - 00581336 _____ C:\Users\Annette\Downloads\a0079a48b0c8172e5e76ce711fae41b1
2017-02-02 11:59 - 2017-02-02 11:59 - 00581336 _____ C:\Users\Annette\Downloads\massagers.pdf
2017-02-02 11:59 - 2017-02-02 11:59 - 00581336 _____ C:\Users\Annette\Downloads\massagers(1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-04 02:23 - 2017-01-19 11:38 - 00000000 ___RD C:\Users\Annette\Dropbox
2017-03-04 02:07 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-04 02:07 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-04 01:58 - 2017-01-19 11:32 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-04 01:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-04 01:50 - 2016-08-15 14:50 - 00000000 ____D C:\Users\Annette\AppData\Local\VirtualStore
2017-03-04 01:47 - 2016-09-24 15:47 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {79073890-AF25-49DC-BF27-524A31FC23BE}.job
2017-03-04 01:47 - 2016-09-24 15:47 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {79073890-AF25-49DC-BF27-524A31FC23BE}.job
2017-03-04 01:47 - 2009-07-14 00:13 - 00847474 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-04 01:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-03-04 01:38 - 2017-01-19 11:32 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-04 01:37 - 2016-10-25 10:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-03 22:12 - 2017-01-10 13:17 - 00000000 ____D C:\Windows\Minidump
2017-03-03 21:17 - 2010-07-15 16:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-03 20:40 - 2017-01-19 11:32 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-03 20:06 - 2016-10-25 10:34 - 00000000 ____D C:\ProgramData\McAfee
2017-03-03 20:06 - 2010-07-15 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-03 19:54 - 2016-10-18 16:29 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2017-02-18 09:36 - 2016-10-02 10:24 - 00000000 ____D C:\Users\Annette\Desktop\L&H busniess
2017-02-18 09:33 - 2016-11-15 11:34 - 00000000 ____D C:\Users\Annette\AppData\LocalLow\Mozilla
2017-02-17 18:52 - 2016-09-24 15:34 - 00000000 ____D C:\Users\Annette\AppData\Roaming\Epson
2017-02-17 18:49 - 2016-09-24 15:32 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2017-02-17 18:49 - 2016-09-24 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-02-17 18:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-17 18:02 - 2016-09-24 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-02-17 18:02 - 2016-09-24 15:31 - 00000000 ____D C:\Program Files (x86)\epson
2017-02-17 18:02 - 2010-07-15 14:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-17 17:19 - 2016-10-25 10:34 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-17 17:19 - 2010-07-15 14:41 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-17 14:29 - 2016-08-15 14:50 - 00000000 ____D C:\Users\Annette
2017-02-17 14:25 - 2010-09-10 13:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2017-02-17 09:44 - 2016-09-29 15:37 - 00000000 ____D C:\Users\Annette\AppData\Local\Adobe
2017-02-17 09:43 - 2016-10-25 10:34 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-17 09:43 - 2016-10-25 10:34 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-17 09:43 - 2016-10-25 10:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-16 11:09 - 2010-09-10 13:20 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-02-15 13:14 - 2009-09-06 20:57 - 00000000 ____D C:\Windows\Panther
2017-02-13 14:34 - 2016-12-22 10:49 - 00035328 _____ C:\Users\Annette\Desktop\Oil Tank.xls
2017-02-10 17:21 - 2017-01-30 15:46 - 00000000 ____D C:\Users\Annette\Desktop\SPORT ORDERS

==================== Files in the root of some directories =======

2017-02-17 14:26 - 2017-02-17 14:26 - 0020480 _____ () C:\Users\Annette\AppData\Local\ffdvox.dll
2016-11-15 09:16 - 2016-12-07 09:53 - 0007651 _____ () C:\Users\Annette\AppData\Local\Resmon.ResmonCfg
2017-02-16 11:09 - 2017-02-16 11:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-09-10 13:27 - 2010-09-10 13:27 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-15 16:11 - 2010-07-15 16:12 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-09-10 13:26 - 2010-09-10 13:26 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-15 16:07 - 2010-07-15 16:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-09-10 13:26 - 2010-09-10 13:26 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-09-10 13:27 - 2010-09-10 13:27 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-15 16:06 - 2010-07-15 16:06 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-15 16:07 - 2010-07-15 16:11 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-09-10 13:27 - 2010-09-10 13:27 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some files in TEMP:
====================
2017-03-03 20:03 - 2017-03-03 20:03 - 2037586 _____ (                                                            ) C:\Users\Annette\AppData\Local\Temp\6722d8e2-0076-11e7-91ef-eaabecf7cc33.exe
2017-02-17 14:26 - 2017-02-17 14:26 - 0889024 _____ () C:\Users\Annette\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
2017-02-17 14:25 - 2017-02-17 14:26 - 29136048 _____ (AppTrailers) C:\Users\Annette\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-02-17 14:25 - 2017-02-17 14:25 - 0102600 _____ (Installer Technology © 2015) C:\Users\Annette\AppData\Local\Temp\installer.exe
2016-10-17 08:09 - 2016-10-17 08:09 - 0243320 _____ (McAfee, Inc.) C:\Users\Annette\AppData\Local\Temp\McCSPInstall.dll
2017-02-17 14:25 - 2017-02-17 14:25 - 1199825 _____ () C:\Users\Annette\AppData\Local\Temp\unins000.exe
2017-02-17 14:25 - 2017-02-17 14:25 - 1236255 _____ (VideoBox                                                    ) C:\Users\Annette\AppData\Local\Temp\videobox.exe
2017-02-17 14:26 - 2017-02-17 14:26 - 9993219 _____ () C:\Users\Annette\AppData\Local\Temp\wajam_install.exe
2017-02-17 13:21 - 2016-09-24 15:35 - 0455600 _____ (Macrovision Corporation) C:\Users\Annette\AppData\Local\Temp\_is2A3B.exe
2017-02-17 13:20 - 2006-05-24 14:10 - 0455600 _____ (Macrovision Corporation) C:\Users\Annette\AppData\Local\Temp\_isC7F0.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-02 15:26

==================== End of FRST.txt ============================



#2 satchfan

  • Malware Response Team

Posted 04 March 2017 - 05:15 PM

Hello damien_karras and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Uninstall programs

Please uninstall these programs:

PC Speed Up
Java, (any version present)


===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista/7/8/10, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Please run FRST again and make sure there is a checkmark next to Addition.txt before you hit ‘Scan’.

Logs to include with next post:

AdwCleaner log
JRT.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 damien_karras

  • Topic Starter

Posted 05 March 2017 - 01:25 AM

Thanks for the quick response, Satchfan!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Home Premium x64
Ran by Annette (Administrator) on Sun 03/05/2017 at  0:55:57.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 49

Failed to delete: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBY9PACW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\Documents\add-in express (Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XPHGY79 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TCZWLS7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60MV2S61 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\655RCYTC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M84AOE9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7KUSYVSH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84WU6DIG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLEL2AZH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW8A8POH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS54XIGL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB2V1Y15 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKSI9WWK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIGA1S7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5LK7XVJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNY9GG23 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODL6J1WZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHYZQGNI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJ87IY4P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UU1VBYEW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XPHGY79 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TCZWLS7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60MV2S61 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\655RCYTC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6M84AOE9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7KUSYVSH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84WU6DIG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLEL2AZH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW8A8POH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DS54XIGL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB2V1Y15 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKSI9WWK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWIGA1S7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5LK7XVJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNY9GG23 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBY9PACW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODL6J1WZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QHYZQGNI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJ87IY4P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UU1VBYEW (Temporary Internet Files Folder)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/05/2017 at  0:59:36.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 




#4 satchfan

  • Malware Response Team

Posted 05 March 2017 - 05:54 AM

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to F:\ and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKU\S-1-5-21-3485294070-3855434222-705467683-1001\...\MountPoints2: {8c26d434-bafa-11e6-bc82-68b59964825f} - G:\VZW_Software_upgrade_assistant.exe
SearchScopes: HKLM -> DefaultScope {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {66088B74-D4B2-4950-A068-2D9A774923A4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {AC593F5D-410E-4519-B9B4-F994A27231CC} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {66088B74-D4B2-4950-A068-2D9A774923A4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {AC593F5D-410E-4519-B9B4-F994A27231CC} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3485294070-3855434222-705467683-1001 -> DefaultScope {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3485294070-3855434222-705467683-1001 -> {66088B74-D4B2-4950-A068-2D9A774923A4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3485294070-3855434222-705467683-1001 -> {AC593F5D-410E-4519-B9B4-F994A27231CC} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3485294070-3855434222-705467683-1001 -> {B40158A9-00A9-4072-8CD6-7B1AACF5DEDB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
S3 dbx; system32\DRIVERS\dbx.sys [X]
2017-03-05 00:26 - 2017-03-05 00:46 - 00000000 ____D C:\ProgramData\Lavasoft
2017-03-05 00:26 - 2016-09-23 16:48 - 01176992 _____ (TMRG, Inc.) C:\Windows\system32\rlls64.dll
2017-02-17 14:21 - 2017-02-17 14:21 - 00943150 _____ C:\Users\Annette\Downloads\Uniblue_PowerSuite_2017_Crack_Updated.rar
2017-02-17 14:08 - 2017-02-17 14:08 - 01186624 _____ (Uniblue Systems Limited ) C:\Users\Annette\Downloads\powersuite.exe
2017-02-16 10:28 - 2017-02-16 10:28 - 08024216 _____ (Uniblue Systems Ltd ) C:\Users\Annette\Downloads\driverscanner.exe
HKU\S-1-5-21-3485294070-3855434222-705467683-1001\...\ChromeHTML: -> c:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION
Task: {7F9E1363-4562-430A-AD06-B3D88B1AE33A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-15] (Google Inc.)
Task: {DF7D876C-790C-4D08-8341-0EE717B9B60E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-15] (Google Inc.)
Shortcut: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Еxрlorеr.lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Eхplоrer (No Add-ons).lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnet Ехрlоrеr Вrowser.lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Еxрlorеr.lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozillа Firefox (2).lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozillа Firefox.lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Chrоme.lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzilla Firеfоx.lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfoх.lnk -> C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
FirewallRules: [{B7F8E616-35AD-405F-BA3D-10669C38D7F5}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{0F4CC1EC-DE2D-4336-AE42-0D65EAF9CC34}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
C:\Users\Annette\AppData\Local\ffdvox.dll
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
C:\Users\Annette\AppData\Local\Temp\6722d8e2-0076-11e7-91ef-eaabecf7cc33.exe
C:\Users\Annette\AppData\Local\Temp\AnonymizerGadgetSetup.1.000.1680.exe
C:\Users\Annette\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
C:\Users\Annette\AppData\Local\Temp\installer.exe
C:\Users\Annette\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Annette\AppData\Local\Temp\unins000.exe
C:\Users\Annette\AppData\Local\Temp\videobox.exe
C:\Users\Annette\AppData\Local\Temp\wajam_install.exe
C:\Users\Annette\AppData\Local\Temp\_is2A3B.exe
C:\Users\Annette\AppData\Local\Temp\_isC7F0.exe
C:\Program Files (x86)\RelevantKnowledge
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run Zoek

Please temporarily disable your AV program.

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.
 

  • on Windows Vista, 7, 8 and 10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    autoclean;
    emptyalltemp;
    emptyclsid;
    FFdefaults;
    iedefaults;
    chrdefaults;
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Logs to include with next post:

Fixlog.txt
zoek-results.log


Can you tell me how things are now?

Thanks

Satchfan


Edited by satchfan, 05 March 2017 - 05:55 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
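
The fixlist above removes shortcuts that FRST marked `<===== Cyrillic`: their names swap Latin letters for look-alike Cyrillic ones, and their targets are batch files named as a browser executable spelled backwards (`exe.xoferif.bat`). As an added example, not part of the thread or of FRST, this Python script flags both traits in FRST-style `Shortcut:` lines; the sample lines, the homoglyph table and all function names are constructed for the illustration.

```python
import ntpath
import re
import unicodedata

# Cyrillic letters that render like Latin ones. A small subset chosen for this
# example (assumption); a fuller check would use the Unicode confusables data.
HOMOGLYPHS = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0410": "A", "\u0412": "B",
    "\u0415": "E", "\u041c": "M", "\u041e": "O", "\u0421": "C",
    "\u0425": "X",
})

# "Shortcut: <path>.lnk -> <target>", optionally followed by a parenthesised
# remark such as "(No File)" and a marker such as "<===== Cyrillic".
SHORTCUT_RE = re.compile(
    r"^Shortcut:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?)"
    r"(?:\s+\([^()]*\))?(?:\s+<=+.*)?$"
)

# Script file types a shortcut could launch instead of the real browser.
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".vbs", ".js"}


def scripts(text):
    """Scripts used by the letters of text, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def mixed_script_words(stem):
    """Words that combine letters from more than one script."""
    return [w for w in re.findall(r"\w+", stem) if len(scripts(w)) > 1]


def reversed_executable(target):
    """Return '<name>.exe' if a script target's stem spells it backwards."""
    stem, ext = ntpath.splitext(ntpath.basename(target))
    candidate = stem[::-1].lower()
    if ext.lower() in SCRIPT_EXTENSIONS and candidate.endswith(".exe"):
        return candidate
    return None


def analyze(line):
    """Parse one Shortcut: line; return None if it is not one."""
    m = SHORTCUT_RE.match(line.strip())
    if m is None:
        return None
    # Check the name without ".lnk", which is always Latin.
    stem = ntpath.splitext(ntpath.basename(m["lnk"]))[0]
    return {
        "lnk": m["lnk"],
        "target": m["target"],
        "mixed_words": mixed_script_words(stem),
        "looks_like": stem.translate(HOMOGLYPHS),
        "hidden_exe": reversed_executable(m["target"]),
    }


def flag_shortcuts(lines):
    """Keep only shortcuts with a mixed-script name or a reversed-exe target."""
    flagged = []
    for line in lines:
        info = analyze(line)
        if info and (info["mixed_words"] or info["hidden_exe"]):
            flagged.append(info)
    return flagged


# Constructed sample lines in the shape of the log lines on this page.
BROWSERS = "C:\\Users\\user\\AppData\\Roaming\\Browsers\\"
SAMPLE_LINES = [
    "Shortcut: C:\\Users\\Public\\Desktop\\\u041c\u043ezill\u0430 Fir\u0435fo\u0445.lnk -> "
    + BROWSERS + "exe.xoferif.bat (No File) <===== Cyrillic",
    "Shortcut: C:\\Users\\Public\\Desktop\\G\u043e\u043egle \u0421hr\u043em\u0435.lnk -> "
    + BROWSERS + "exe.emorhc.bat (No File) <===== Cyrillic",
    # Legitimate shortcut: Latin-only name, real executable target.
    "Shortcut: C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk -> "
    "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe (Mozilla Corporation)",
    # Legitimate all-Cyrillic name: one script per word, so not flagged.
    "Shortcut: C:\\Users\\Public\\Desktop\\\u0411\u043b\u043e\u043a\u043d\u043e\u0442.lnk -> "
    "C:\\Windows\\system32\\notepad.exe",
]

if __name__ == "__main__":
    for hit in flag_shortcuts(SAMPLE_LINES):
        print(f"{hit['looks_like']!r} imitated by {hit['mixed_words']}; "
              f"target hides {hit['hidden_exe']}")
```

The script check is done per word, so a shortcut named entirely in Cyrillic is left alone; only names that mix scripts inside one word are reported.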


#5 damien_karras

  • Topic Starter

Posted 05 March 2017 - 02:27 PM

Results are attached.




#6 satchfan

  • Malware Response Team

Posted 05 March 2017 - 04:46 PM

Run RogueKiller

IMPORTANT: Please remove any USB or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/7/8/10, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on ‘Report’ and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

 

Satchfan
 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 damien_karras

  • Topic Starter

Posted 05 March 2017 - 06:49 PM

RKreport.txt is attached.




#8 satchfan

  • Malware Response Team

Posted 06 March 2017 - 03:13 AM

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

  • close all programs
  • double-click RogueKiller.exe - Windows 7/8/10 users right-click the program and select 'Run as Administrator'
  • after it has completed its prescan, click on Scan
  • click on the ‘Files’ tab
  • make sure the following entries there are checked:


    [PUP.Gen0][File] C:\Users\Public\Desktop\??zill? Fir?fo?.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t E?pl?rer (No Add-ons).lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ?x?lor?r.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rnet ???l?r?r ?rowser.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ?x?lor?r.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozill? Firefox (2).lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozill? Firefox.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen1][Folder] C:\Users\Annette\AppData\Roaming\Easeware -> Found
    [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogl? Chr?me.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
    [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\G?tting St?rt?d.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.rehcnualsl.bat -> Found
    [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zilla Fir?f?x.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen0][File] C:\Users\Public\Desktop\??zill? Fir?fo?.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ?x?lor?r.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found

     

  • then press the Delete button and post the log it produces.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 damien_karras

  • Topic Starter

Posted 06 March 2017 - 11:53 AM

Satchfan, I did as you instructed and yet I can't find a files tab in RogueKiller. I didn't see any of the files you mentioned for deletion. What am I doing wrong?

 

I attached a screenshot.




#10 satchfan

  • Malware Response Team

Posted 06 March 2017 - 03:42 PM

I apologise for the bad instructions but I have not run it recently and have had to download and run the latest version to see the changes.

 

Hopefully this will work.

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

  • close all programs
  • double-click RogueKiller.exe - Windows 7/8/10 users right-click the program and select 'Run as Administrator'
  • after it has completed its prescan, click on Scan
  • click on the ‘FilesSystem’ tab
  • make sure the following entries there are checked:


    [PUP.Gen0][File] C:\Users\Public\Desktop\??zill? Fir?fo?.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t E?pl?rer (No Add-ons).lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ?x?lor?r.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rnet ???l?r?r ?rowser.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Int?rn?t ?x?lor?r.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozill? Firefox (2).lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozill? Firefox.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen1][Folder] C:\Users\Annette\AppData\Roaming\Easeware -> Found
    [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogl? Chr?me.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
    [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\G?tting St?rt?d.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.rehcnualsl.bat -> Found
    [PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zilla Fir?f?x.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen0][File] C:\Users\Public\Desktop\??zill? Fir?fo?.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
    [PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Int?rnet ?x?lor?r.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.erolpxei.bat -> Found

     

  • then press the Delete button and post the log it produces.

Let me know if there are still problems.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
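The entries listed in the post above share one pattern: a `.lnk` whose target is a `.bat` file under `AppData\Roaming\Browsers`, named as a reversed executable (`exe.xoferif` read backwards is `firefox.exe`). The following Python script is an added example, not part of the thread or of RogueKiller; it parses log lines in that format and reports which program each shortcut imitates. The function names are hypothetical, and reading "?" as a character the log could not render is an assumption.

```python
import ntpath
import re

# Entries copied from the RogueKiller log quoted in this thread. Assumption:
# each "?" stands for a non-ASCII character the log could not render.
SAMPLE_LOG = r"""
[PUP.Gen0][File] C:\Users\Annette\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozill? Firefox (2).lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.xoferif.bat -> Found
[PUP.Gen1][Folder] C:\Users\Annette\AppData\Roaming\Easeware -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogl? Chr?me.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.emorhc.bat -> Found
[PUP.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\G?tting St?rt?d.lnk [LNK@] C:\Users\Annette\AppData\Roaming\Browsers\exe.rehcnualsl.bat -> Found
"""

ENTRY = re.compile(
    r"^\[(?P<detection>[^\]]+)\]\[(?P<kind>[^\]]+)\]\s+(?P<path>.+?)"
    r"(?:\s+\[LNK@\]\s+(?P<target>.+?))?\s+->\s+(?P<status>\w+)$"
)

def parse_entry(line):
    """Split one log entry into its fields; returns None for non-entry lines."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None

def impersonated_exe(target):
    """Return the program name hidden in a reversed '.bat' target, else None."""
    stem, ext = ntpath.splitext(ntpath.basename(target))
    name = stem[::-1]  # "exe.xoferif" -> "firefox.exe"
    return name if ext.lower() == ".bat" and name.lower().endswith(".exe") else None

def triage(log_text):
    """List shortcuts whose target is a batch file posing as a program."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if not entry or not entry["target"]:
            continue  # blank line, or an entry (e.g. a folder) with no link target
        exe = impersonated_exe(entry["target"])
        if exe:
            findings.append({
                "shortcut": entry["path"],
                "target": entry["target"],
                "impersonates": exe,
                "lost_chars": ntpath.basename(entry["path"]).count("?"),
            })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['impersonates']:<16} <- {f['shortcut']}")
```

A shortcut that reports both a reversed-name batch target and unrendered characters in its own file name is a replacement for the original shortcut, which is why the helper asks for every such entry to be checked before removal.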


#11 damien_karras

damien_karras
  • Topic Starter

  • Members
  • 11 posts

Posted 06 March 2017 - 04:28 PM

Ok, I read through the RogueKiller manual and there is no mention of a FilesSystem tab for me to select, nor could I find one in the program itself. Should I still run the scan as per your instructions?



#12 satchfan

satchfan

  • Malware Response Team
  • 2,791 posts
  • Gender:Female
  • Location:Devon, UK

Posted 06 March 2017 - 05:44 PM

Please run it again and when you come to the window that is in your screenshot, click on Remove Selected.

 

Then, please post the resulting log.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#13 damien_karras

damien_karras
  • Topic Starter

  • Members
  • 11 posts

Posted 06 March 2017 - 07:11 PM

Ok, here it is.

Attached Files



#14 satchfan

satchfan

  • Malware Response Team
  • 2,791 posts
  • Gender:Female
  • Location:Devon, UK

Posted 07 March 2017 - 02:39 AM

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit ‘Scan’.

Logs to include with next post:

New Frst.txt
New Addition.txt


Can you tell me how your computer is now and what remaining problems there are?

Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#15 damien_karras

damien_karras
  • Topic Starter

  • Members
  • 11 posts

Posted 07 March 2017 - 03:09 AM

Everything seems to be fine. Thank you very much for your help!

Attached Files





