
Seeing Pop-ups and Link Redirects


  • This topic is locked
26 replies to this topic

#1 Probie715


Posted 08 April 2017 - 11:47 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Brian (administrator) on SAYLORPC (09-04-2017 00:20:24)
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian & Elefa & DefaultAppPool)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Dynamsoft Corporation) C:\Windows\System32\Dynamsoft\DynamicWebtwain\ForChrome\WebTWAINService.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\ENAgent.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Dynamsoft Corporation) C:\Windows\System32\Dynamsoft\DynamicWebtwain\ForChrome\WebTWAINService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\22.9.1.12\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Dynamsoft Corporation) C:\Windows\System32\Dynamsoft\DynamicWebtwain\ForChrome\WebTWAINService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\22.9.1.12\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
() C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\TrayPopupE\TrayTipAgentE.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Users\Brian\AppData\Local\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\22.9.1.12\conathst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x86__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM\...\Run: [Display] => C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [404992 2017-04-06] (LogMeIn, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2312824 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [CLMLServer_For_P2G8] => C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM\...\Run: [CLVirtualDrive] => C:\Program Files\CyberLink\Power2Go8\VirtualDrive.exe [490096 2012-06-22] (CyberLink Corp.)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe [2090176 2016-09-20] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUS Cleanup] => C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe [1243328 2016-09-20] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2015-07-02] (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\...\Run: [CAHeadless] => C:\Program Files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1047760 2015-01-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\...\Run: [Google Update] => C:\Users\Brian\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-06] (Google Inc.)
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Brian\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7348440 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [30208 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIICE.EXE [249440 2014-12-11] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\22.9.1.12\buShell.dll [2017-03-16] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2016-10-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2013-05-06]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk [2016-07-03]
ShortcutTarget: Bginfo.lnk -> D:\BGinfo\Bginfo.exe (No File)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2016-11-18]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Brian\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1
Tcpip\..\Interfaces\{0AD94009-A08F-4E14-9A92-A8FDFACBC353}: [DhcpNameServer] 192.168.1.202
Tcpip\..\Interfaces\{a339f7d9-ce79-44bf-aca2-cde03fac297a}: [DhcpNameServer] 10.10.10.1
Tcpip\..\Interfaces\{CD4AD85D-82FE-4B0A-950F-49AAFD774F8D}: [DhcpNameServer] 192.168.1.202
Tcpip\..\Interfaces\{FC5E12B5-3654-4571-86A6-10406B5D5DB5}: [DhcpNameServer] 192.168.0.1
ManualProxies: 0hxxp://no-blok.net/wpad.dat?e447822d689675aaeac25929539069f326168058

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.7.0.11
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {659596CD-2747-44E2-B5F4-C69C0515A30F} URL =
SearchScopes: HKU\S-1-5-21-717800116-2120676930-3595230625-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-717800116-2120676930-3595230625-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-717800116-2120676930-3595230625-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.9.0.71&locale=en_US&guid=17609AD6-1824-4AB3-809A-AC19C7CA6CE6&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-717800116-2120676930-3595230625-1000 -> {DBBFD798-8716-4308-A0AD-B6353A6969EE} URL = hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=052813&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-08] (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-08] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\22.9.1.12\coIEPlg.dll [2017-03-16] (Symantec Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: 2k6xxcq8.default-1449263469767
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\jhrot69z.default [2017-04-08]
FF Homepage: Mozilla\Firefox\Profiles\jhrot69z.default -> hxxp://iamresponding.com/v3/agency/def.aspx
hxxps://webcad.lcwc911.us/Login.aspx
hxxp://www.lcwc911.us/lcwc/LiveStatus/LiveIncidentList.aspx
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\jhrot69z.default\Extensions\abb@amazon.com.xpi [2017-02-27]
FF Extension: (Firebug) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\jhrot69z.default\Extensions\firebug@software.joehewitt.com.xpi [2017-02-25]
FF Extension: (QR Code Image Generator) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\jhrot69z.default\Extensions\jid0-RwTySlpoKU14fw7yw2AflOAihhA@jetpack.xpi [2017-02-25]
FF Extension: (No Name) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\jhrot69z.default\extensions\newtabgoogle@graememcc.co.uk.xpi [not found]
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2k6xxcq8.default-1449263469767 [2017-04-09]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\2k6xxcq8.default-1449263469767 -> Google
FF Homepage: Mozilla\Firefox\Profiles\2k6xxcq8.default-1449263469767 -> hxxp://iamresponding.com/v3/agency/def.aspx
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2k6xxcq8.default-1449263469767\Extensions\abb@amazon.com.xpi [2017-01-21]
FF Extension: (Firebug) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2k6xxcq8.default-1449263469767\Extensions\firebug@software.joehewitt.com.xpi [2017-04-05]
FF Extension: (QR Code Image Generator) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2k6xxcq8.default-1449263469767\Extensions\jid0-RwTySlpoKU14fw7yw2AflOAihhA@jetpack.xpi [2016-08-04]
FF Extension: (Disable Prefetch) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2k6xxcq8.default-1449263469767\features\{7f19c979-74c8-4c80-b994-77b3c6f72948}\disable-prefetch@mozilla.org.xpi [2017-04-05]
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\pck9rbx7.default-1491436085102 [2017-04-08]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-17] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-17] [not signed]
FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-23] [not signed]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-08-29] [not signed]
FF HKLM\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files\Mozilla Firefox\extensions\lesstabs@lesstabs.com => not found
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-11-20] [not signed]
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-08-29] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => not found
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-09-07] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.9.0.71\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.9.0.71\coFFAddon [2017-04-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @dynamsoft.com/DynamicWebTwainPlugin -> C:\Windows\system32\dynamsoft\dynamicwebtwain\NPDynamicWebTwainTrial.dll [2013-07-10] (Dynamsoft Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-25] (Nero AG)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-717800116-2120676930-3595230625-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-717800116-2120676930-3595230625-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-11-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-11-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-11-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-11-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-11-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\2408218.js [2017-03-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-02-20]
FF ExtraCheck: C:\Program Files\mozilla firefox\2408218.cfg [2017-03-10] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://vinstaller.com/kmsx/yhome.html?hspart=w3i&hsimp=yhs-syctransfer&type=__PARAM__
CHR StartupUrls: Default -> "hxxp://iamresponding.com/v3/agency/def.aspx","hxxps://webcad.lcwc911.us/Pages/Status/AgencyStatus.aspx","hxxp://www.lcwc911.us/lcwc/LiveStatus/LiveIncidentList.aspx"
CHR DefaultSearchURL: Default -> hxxp://vinstaller.com/kmsx/ysearch.html?hspart=w3i&fr=w3i&p={searchTerms}&type=__PARAM__
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxp://vinstaller.com/kmsx/ysuggest.html?output=fxjson&amp;command={searchTerms}
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default [2017-04-08]
CHR Extension: (Angry Birds) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-08-30]
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2017-02-25]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2017-02-25]
CHR Extension: (Norton Security Toolbar) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-03-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-24]
CHR Extension: (After the Deadline) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho [2017-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-25]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2017-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-24]
CHR Extension: (LogMeIn) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2017-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-05]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-27]
CHR HKLM\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader11.crx <not found>
CHR HKU\S-1-5-21-717800116-2120676930-3595230625-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
StartMenuInternet: Google Chrome.3HV2JCMVWHCMVZK3UIGLPRQESI - C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2560192 2017-03-26] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [152560 2014-02-13] (Coupons.com Inc.)
R2 Dynamsoft WebTWAIN Service; C:\WINDOWS\System32\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe [1347088 2015-08-31] (Dynamsoft Corporation)
R2 ENAgent; C:\Windows\system32\ENAgent.exe [4209856 2012-07-04] (SEIKO EPSON CORPORATION)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [931896 2016-06-14] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe [405456 2017-03-24] (LogMeIn, Inc.)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 N360; C:\Program Files\Norton 360\Engine\22.9.1.12\N360.exe [288512 2017-03-16] (Symantec Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [805752 2016-09-14] (Nero AG)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [421944 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2905656 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2018360 2016-06-14] (NVIDIA Corporation)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-18] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 wampapache; E:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S3 wampmysqld; E:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84920 2017-03-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\22.9.0.71\Definitions\BASHDefs\20170405.003\BHDrvx86.sys [1334424 2017-03-03] (Symantec Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-06-22] (Avanquest Software) [File not signed]
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1609010.00C\ccSetx86.sys [137888 2017-02-20] (Symantec Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [73712 2011-12-26] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388768 2017-01-05] (Symantec Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [30888 2016-12-07] ()
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [124576 2017-01-05] (Symantec Corporation)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2016-07-11] ()
R2 giveio; C:\WINDOWS\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\22.9.0.71\Definitions\IPSDefs\20170408.002\IDSvix86.sys [798928 2017-03-03] (Symantec Corporation)
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [52368 2015-06-17] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [20240 2015-06-17] (Logitech, Inc.)
R2 LMIInfo; C:\WINDOWS\system32\drivers\LMIInfo.sys [27872 2017-01-11] (LogMeIn, Inc.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220088 2017-03-30] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-12-17] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_x86_58917eaf72e82678\nvlddmkm.sys [12234168 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46096 2013-07-19] (Corel Corporation)
S4 RsFx0201; C:\WINDOWS\System32\DRIVERS\RsFx0201.sys [271040 2014-05-15] (Microsoft Corporation)
S3 Ser2plx86; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [77824 2008-10-27] (Prolific Technology Inc.)
R2 speedfan; C:\WINDOWS\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1609010.00C\SRTSP.SYS [624288 2017-03-16] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1609010.00C\SRTSPX.SYS [41112 2017-03-16] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360\1609010.00C\SYMEFASI.SYS [1348256 2017-02-20] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\N360\1609010.00C\SYMELAM.SYS [20520 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [89296 2017-03-04] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1609010.00C\Ironx86.SYS [232600 2017-02-20] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360\1609010.00C\SYMNETS.SYS [423640 2017-02-20] (Symantec Corporation)
S3 teamviewervpn; C:\WINDOWS\System32\drivers\teamviewervpn.sys [25088 2016-03-02] (TeamViewer GmbH)
S3 vididr; C:\WINDOWS\system32\DRIVERS\vididr.sys [116000 2015-10-20] (Acronis International GmbH)
R0 vidsflt; C:\WINDOWS\System32\DRIVERS\vidsflt.sys [85280 2015-10-20] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2016-07-16] (Marvell)
U3 idsvc; no ImagePath
S4 LMIRfsClientNP; no ImagePath
S3 NAVENG; \??\C:\Program Files\Norton 360\NortonData\22.9.0.71\Definitions\SDSDefs\20170305.001\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton 360\NortonData\22.9.0.71\Definitions\SDSDefs\20170305.001\NAVEX15.SYS [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x86\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-09 00:20 - 2017-04-09 00:22 - 00046884 _____ C:\Users\Brian\Downloads\FRST.txt
2017-04-09 00:19 - 2017-04-09 00:20 - 00000000 ____D C:\FRST
2017-04-09 00:19 - 2017-04-09 00:19 - 01766912 _____ (Farbar) C:\Users\Brian\Downloads\FRST.exe
2017-04-08 23:49 - 2017-04-08 23:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Brian\Downloads\HijackThis.exe
2017-04-08 10:01 - 2017-04-08 10:01 - 00000000 ___HD C:\OneDriveTemp
2017-04-08 08:28 - 2017-03-30 22:20 - 00001325 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170408-082856.backup
2017-04-08 07:47 - 2017-04-08 07:47 - 00001248 _____ C:\WINDOWS\wininit.ini
2017-04-08 05:32 - 2017-04-08 07:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-08 05:32 - 2017-04-08 06:13 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-04-08 05:32 - 2017-04-08 05:32 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-04-08 05:32 - 2017-04-08 05:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-04-08 05:32 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2017-04-06 15:51 - 2017-01-11 03:04 - 00027872 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIInfo.sys
2017-04-05 19:46 - 2017-04-05 19:46 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-05 19:46 - 2017-04-05 19:46 - 00001174 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-05 19:44 - 2017-04-05 19:44 - 00245416 _____ C:\Users\Brian\Downloads\Firefox Setup Stub 52.0.2.exe
2017-04-03 17:41 - 2017-04-03 17:42 - 00000000 ____D C:\Users\Brian\Desktop\StBaldricks
2017-04-03 15:22 - 2017-04-03 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-03 15:22 - 2017-04-03 15:22 - 00000000 ____D C:\Program Files\CCleaner
2017-04-03 15:21 - 2017-04-03 15:21 - 09274608 _____ (Piriform Ltd) C:\Users\Brian\Downloads\ccsetup528.exe
2017-03-30 22:14 - 2017-03-30 22:14 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3A220DD8.sys
2017-03-30 22:01 - 2017-03-30 22:01 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-30 21:51 - 2017-03-30 21:57 - 59272008 _____ (Malwarebytes ) C:\Users\Brian\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-03-29 19:18 - 2017-03-30 20:12 - 00000000 ____D C:\Users\Brian\Desktop\Lizzies project
2017-03-27 15:24 - 2017-03-28 17:28 - 00000189 _____ C:\Users\Brian\Desktop\New Text Document (5).txt
2017-03-27 14:56 - 2017-03-27 14:57 - 00159637 _____ C:\Users\Brian\Downloads\FoxPro.pdf
2017-03-24 09:03 - 2017-03-16 00:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-03-24 09:03 - 2017-03-16 00:37 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-03-24 09:03 - 2017-03-16 00:05 - 18362368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-03-23 18:02 - 2017-03-23 18:02 - 00054557 _____ C:\Users\Brian\Desktop\Banquet Items CC Expense Sheet.pdf
2017-03-14 23:04 - 2017-03-04 03:57 - 01339744 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-03-14 23:04 - 2017-03-04 03:57 - 00980320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-03-14 23:04 - 2017-03-04 03:57 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-14 23:04 - 2017-03-04 03:57 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-03-14 23:04 - 2017-03-04 03:57 - 00279392 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-03-14 23:04 - 2017-03-04 03:57 - 00229720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-03-14 23:04 - 2017-03-04 03:57 - 00073056 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-14 23:04 - 2017-03-04 03:57 - 00031584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-03-14 23:04 - 2017-03-04 03:40 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-03-14 23:04 - 2017-03-04 02:59 - 00274272 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-03-14 23:04 - 2017-03-04 02:57 - 00581672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-03-14 23:04 - 2017-03-04 02:54 - 02277288 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-03-14 23:04 - 2017-03-04 02:54 - 00524776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-03-14 23:04 - 2017-03-04 02:53 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-03-14 23:04 - 2017-03-04 02:51 - 00399712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-14 23:04 - 2017-03-04 02:50 - 00355680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-03-14 23:04 - 2017-03-04 02:46 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-03-14 23:04 - 2017-03-04 02:24 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-03-14 23:04 - 2017-03-04 02:22 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-03-14 23:04 - 2017-03-04 02:22 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-03-14 23:04 - 2017-03-04 02:21 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-03-14 23:04 - 2017-03-04 02:20 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-03-14 23:04 - 2017-03-04 02:17 - 01110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-03-14 23:04 - 2017-03-04 02:16 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-03-14 23:04 - 2017-03-04 02:13 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-03-14 23:04 - 2017-03-04 02:12 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-03-14 23:04 - 2017-03-04 02:11 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-03-14 23:04 - 2017-03-04 02:09 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-03-14 23:04 - 2017-03-04 02:09 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-03-14 23:04 - 2017-03-04 02:08 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-03-14 23:04 - 2017-03-04 02:08 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-03-14 23:04 - 2017-03-04 02:07 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-03-14 23:04 - 2017-03-04 02:06 - 03774464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-03-14 23:04 - 2017-03-04 02:02 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-03-14 23:04 - 2017-03-04 02:02 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-03-14 23:04 - 2017-03-04 02:02 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-03-14 23:04 - 2017-03-04 02:02 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-03-14 23:04 - 2017-03-04 02:01 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-03-14 23:04 - 2017-03-04 02:01 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-03-14 23:04 - 2017-03-04 02:00 - 02003968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-03-14 23:04 - 2017-03-04 02:00 - 01524224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-03-14 23:04 - 2017-03-04 02:00 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-03-14 23:04 - 2017-03-04 02:00 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-03-14 23:04 - 2017-03-04 01:57 - 01438720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-03-14 23:04 - 2017-03-04 01:57 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-03-14 23:03 - 2017-03-04 03:57 - 00192352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-14 23:03 - 2017-03-04 03:57 - 00113504 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-03-14 23:03 - 2017-03-04 03:09 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-14 23:03 - 2017-03-04 03:09 - 00783552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-14 23:03 - 2017-03-04 03:09 - 00320144 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2017-03-14 23:03 - 2017-03-04 03:08 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-03-14 23:03 - 2017-03-04 03:08 - 00036704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2017-03-14 23:03 - 2017-03-04 03:07 - 01073816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-14 23:03 - 2017-03-04 03:07 - 00945760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-14 23:03 - 2017-03-04 02:59 - 00869728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-03-14 23:03 - 2017-03-04 02:53 - 00313568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-03-14 23:03 - 2017-03-04 02:51 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-03-14 23:03 - 2017-03-04 02:51 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-03-14 23:03 - 2017-03-04 02:51 - 00186720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-14 23:03 - 2017-03-04 02:50 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-03-14 23:03 - 2017-03-04 02:47 - 06667528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-03-14 23:03 - 2017-03-04 02:45 - 00117280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2017-03-14 23:03 - 2017-03-04 02:42 - 01411616 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-03-14 23:03 - 2017-03-04 02:42 - 01260784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-03-14 23:03 - 2017-03-04 02:42 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-03-14 23:03 - 2017-03-04 02:31 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2017-03-14 23:03 - 2017-03-04 02:30 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-03-14 23:03 - 2017-03-04 02:28 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothDesktopHandlers.dll
2017-03-14 23:03 - 2017-03-04 02:28 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-03-14 23:03 - 2017-03-04 02:26 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-03-14 23:03 - 2017-03-04 02:26 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-03-14 23:03 - 2017-03-04 02:26 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2017-03-14 23:03 - 2017-03-04 02:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2017-03-14 23:03 - 2017-03-04 02:24 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-03-14 23:03 - 2017-03-04 02:24 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-03-14 23:03 - 2017-03-04 02:22 - 01299968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-03-14 23:03 - 2017-03-04 02:22 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-03-14 23:03 - 2017-03-04 02:22 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-03-14 23:03 - 2017-03-04 02:22 - 00265728 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-03-14 23:03 - 2017-03-04 02:22 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-03-14 23:03 - 2017-03-04 02:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-03-14 23:03 - 2017-03-04 02:22 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-03-14 23:03 - 2017-03-04 02:21 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-03-14 23:03 - 2017-03-04 02:21 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\main.cpl
2017-03-14 23:03 - 2017-03-04 02:20 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-03-14 23:03 - 2017-03-04 02:20 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-03-14 23:03 - 2017-03-04 02:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-03-14 23:03 - 2017-03-04 02:19 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-03-14 23:03 - 2017-03-04 02:19 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-03-14 23:03 - 2017-03-04 02:18 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2017-03-14 23:03 - 2017-03-04 02:18 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-03-14 23:03 - 2017-03-04 02:16 - 00994304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2017-03-14 23:03 - 2017-03-04 02:16 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-03-14 23:03 - 2017-03-04 02:16 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-03-14 23:03 - 2017-03-04 02:16 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2017-03-14 23:03 - 2017-03-04 02:15 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-03-14 23:03 - 2017-03-04 02:13 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-03-14 23:03 - 2017-03-04 02:13 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-03-14 23:03 - 2017-03-04 02:13 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-03-14 23:03 - 2017-03-04 02:13 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-03-14 23:03 - 2017-03-04 02:13 - 01104896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-03-14 23:03 - 2017-03-04 02:10 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2017-03-14 23:03 - 2017-03-04 02:10 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2017-03-14 23:03 - 2017-03-04 02:09 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-03-14 23:03 - 2017-03-04 02:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2017-03-14 23:03 - 2017-03-04 02:09 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2017-03-14 23:03 - 2017-03-04 02:08 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-03-14 23:03 - 2017-03-04 02:07 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-03-14 23:03 - 2017-03-04 02:07 - 02643456 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-03-14 23:03 - 2017-03-04 02:07 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-03-14 23:03 - 2017-03-04 02:07 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-03-14 23:03 - 2017-03-04 02:07 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-03-14 23:03 - 2017-03-04 02:07 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhtask.dll
2017-03-14 23:03 - 2017-03-04 02:06 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-03-14 23:03 - 2017-03-04 02:06 - 01017856 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-03-14 23:03 - 2017-03-04 02:05 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-03-14 23:03 - 2017-03-04 02:05 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-03-14 23:03 - 2017-03-04 02:05 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-03-14 23:03 - 2017-03-04 02:05 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-03-14 23:03 - 2017-03-04 02:05 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-03-14 23:03 - 2017-03-04 02:04 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-03-14 23:03 - 2017-03-04 02:04 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-03-14 23:03 - 2017-03-04 02:02 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-03-14 23:03 - 2017-03-04 02:01 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-03-14 23:03 - 2017-03-04 02:01 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-03-14 23:03 - 2017-03-04 02:01 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-03-14 23:03 - 2017-03-04 02:00 - 04557824 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-03-14 23:03 - 2017-03-04 02:00 - 02996736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-03-14 23:03 - 2017-03-04 02:00 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-14 23:03 - 2016-07-15 21:45 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CspCellularSettings.dll
2017-03-14 23:03 - 2016-07-15 21:43 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-03-14 23:03 - 2016-07-15 21:43 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-03-14 23:02 - 2017-03-04 03:57 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-03-14 23:02 - 2017-03-04 03:09 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-03-14 23:02 - 2017-03-04 03:09 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-03-14 23:02 - 2017-03-04 03:06 - 01956704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-03-14 23:02 - 2017-03-04 03:03 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-03-14 23:02 - 2017-03-04 03:02 - 00950112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-03-14 23:02 - 2017-03-04 02:59 - 00055136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-03-14 23:02 - 2017-03-04 02:52 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-03-14 23:02 - 2017-03-04 02:51 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-03-14 23:02 - 2017-03-04 02:51 - 00454496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-03-14 23:02 - 2017-03-04 02:50 - 00100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2017-03-14 23:02 - 2017-03-04 02:47 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-03-14 23:02 - 2017-03-04 02:47 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-03-14 23:02 - 2017-03-04 02:47 - 00530480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2017-03-14 23:02 - 2017-03-04 02:46 - 01224104 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2017-03-14 23:02 - 2017-03-04 02:42 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-03-14 23:02 - 2017-03-04 02:30 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-03-14 23:02 - 2017-03-04 02:30 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-03-14 23:02 - 2017-03-04 02:29 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2017-03-14 23:02 - 2017-03-04 02:29 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2017-03-14 23:02 - 2017-03-04 02:29 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2017-03-14 23:02 - 2017-03-04 02:28 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-03-14 23:02 - 2017-03-04 02:27 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-03-14 23:02 - 2017-03-04 02:27 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddrawex.dll
2017-03-14 23:02 - 2017-03-04 02:26 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-03-14 23:02 - 2017-03-04 02:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-03-14 23:02 - 2017-03-04 02:25 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscandui.dll
2017-03-14 23:02 - 2017-03-04 02:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2017-03-14 23:02 - 2017-03-04 02:24 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfui.dll
2017-03-14 23:02 - 2017-03-04 02:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-03-14 23:02 - 2017-03-04 02:23 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2017-03-14 23:02 - 2017-03-04 02:23 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-03-14 23:02 - 2017-03-04 02:23 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2017-03-14 23:02 - 2017-03-04 02:22 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-03-14 23:02 - 2017-03-04 02:22 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2017-03-14 23:02 - 2017-03-04 02:22 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-03-14 23:02 - 2017-03-04 02:21 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-03-14 23:02 - 2017-03-04 02:21 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-03-14 23:02 - 2017-03-04 02:20 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-03-14 23:02 - 2017-03-04 02:20 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2017-03-14 23:02 - 2017-03-04 02:20 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-03-14 23:02 - 2017-03-04 02:20 - 00322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-03-14 23:02 - 2017-03-04 02:20 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-03-14 23:02 - 2017-03-04 02:19 - 00714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-03-14 23:02 - 2017-03-04 02:19 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2017-03-14 23:02 - 2017-03-04 02:19 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-03-14 23:02 - 2017-03-04 02:18 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2017-03-14 23:02 - 2017-03-04 02:18 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-03-14 23:02 - 2017-03-04 02:18 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-03-14 23:02 - 2017-03-04 02:18 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-03-14 23:02 - 2017-03-04 02:18 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-03-14 23:02 - 2017-03-04 02:17 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-03-14 23:02 - 2017-03-04 02:17 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-03-14 23:02 - 2017-03-04 02:17 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-03-14 23:02 - 2017-03-04 02:17 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-03-14 23:02 - 2017-03-04 02:16 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-03-14 23:02 - 2017-03-04 02:16 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-03-14 23:02 - 2017-03-04 02:16 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-03-14 23:02 - 2017-03-04 02:16 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-03-14 23:02 - 2017-03-04 02:13 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-03-14 23:02 - 2017-03-04 02:12 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-03-14 23:02 - 2017-03-04 02:12 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2017-03-14 23:02 - 2017-03-04 02:11 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-03-14 23:02 - 2017-03-04 02:11 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-03-14 23:02 - 2017-03-04 02:11 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-03-14 23:02 - 2017-03-04 02:10 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2017-03-14 23:02 - 2017-03-04 02:07 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-03-14 23:02 - 2017-03-04 02:06 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-03-14 23:02 - 2017-03-04 02:06 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2017-03-14 23:02 - 2017-03-04 02:03 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll
2017-03-14 23:02 - 2017-03-04 02:01 - 03478528 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-03-14 23:02 - 2017-03-04 02:01 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-03-14 23:02 - 2017-03-04 02:01 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-03-14 23:02 - 2017-03-04 02:01 - 01571840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-03-14 23:02 - 2017-03-04 02:01 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-03-14 23:02 - 2017-03-04 02:01 - 01493504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-03-14 23:02 - 2017-03-04 02:01 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-03-14 23:02 - 2017-03-04 02:01 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-03-14 23:02 - 2017-03-04 02:00 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-03-14 23:02 - 2017-03-04 02:00 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-03-14 23:02 - 2017-03-04 01:57 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-03-14 23:02 - 2017-03-04 01:57 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-03-14 23:01 - 2017-03-04 03:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-03-14 23:01 - 2017-03-04 03:46 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-03-14 23:01 - 2017-03-04 03:44 - 01470816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
2017-03-14 23:01 - 2017-03-04 03:09 - 00092000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-03-14 23:01 - 2017-03-04 03:06 - 00341336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2017-03-14 23:01 - 2017-03-04 03:06 - 00106336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-03-14 23:01 - 2017-03-04 03:04 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-14 23:01 - 2017-03-04 02:56 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-03-14 23:01 - 2017-03-04 02:56 - 00248992 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-03-14 23:01 - 2017-03-04 02:54 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-03-14 23:01 - 2017-03-04 02:53 - 02256080 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-03-14 23:01 - 2017-03-04 02:53 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-03-14 23:01 - 2017-03-04 02:53 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-03-14 23:01 - 2017-03-04 02:53 - 00493912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-03-14 23:01 - 2017-03-04 02:53 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-03-14 23:01 - 2017-03-04 02:51 - 00458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-03-14 23:01 - 2017-03-04 02:47 - 00432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2017-03-14 23:01 - 2017-03-04 02:47 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-03-14 23:01 - 2017-03-04 02:47 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-03-14 23:01 - 2017-03-04 02:46 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2017-03-14 23:01 - 2017-03-04 02:46 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-03-14 23:01 - 2017-03-04 02:46 - 00125792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-03-14 23:01 - 2017-03-04 02:45 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-03-14 23:01 - 2017-03-04 02:45 - 00112120 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2017-03-14 23:01 - 2017-03-04 02:45 - 00093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2017-03-14 23:01 - 2017-03-04 02:36 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-03-14 23:01 - 2017-03-04 02:30 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-03-14 23:01 - 2017-03-04 02:29 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
2017-03-14 23:01 - 2017-03-04 02:29 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dggpext.dll
2017-03-14 23:01 - 2017-03-04 02:28 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2017-03-14 23:01 - 2017-03-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-03-14 23:01 - 2017-03-04 02:27 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-03-14 23:01 - 2017-03-04 02:27 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2017-03-14 23:01 - 2017-03-04 02:27 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2017-03-14 23:01 - 2017-03-04 02:26 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2017-03-14 23:01 - 2017-03-04 02:26 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-03-14 23:01 - 2017-03-04 02:26 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2017-03-14 23:01 - 2017-03-04 02:25 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-03-14 23:01 - 2017-03-04 02:25 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2017-03-14 23:01 - 2017-03-04 02:25 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2017-03-14 23:01 - 2017-03-04 02:25 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-03-14 23:01 - 2017-03-04 02:25 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
2017-03-14 23:01 - 2017-03-04 02:25 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2017-03-14 23:01 - 2017-03-04 02:24 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-03-14 23:01 - 2017-03-04 02:24 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-03-14 23:01 - 2017-03-04 02:24 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-03-14 23:01 - 2017-03-04 02:24 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-03-14 23:01 - 2017-03-04 02:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2017-03-14 23:01 - 2017-03-04 02:23 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-03-14 23:01 - 2017-03-04 02:23 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-03-14 23:01 - 2017-03-04 02:23 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-03-14 23:01 - 2017-03-04 02:23 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2017-03-14 23:01 - 2017-03-04 02:23 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2017-03-14 23:01 - 2017-03-04 02:23 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-03-14 23:01 - 2017-03-04 02:23 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-03-14 23:01 - 2017-03-04 02:23 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-03-14 23:01 - 2017-03-04 02:22 - 06534656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2017-03-14 23:01 - 2017-03-04 02:22 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-03-14 23:01 - 2017-03-04 02:21 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-03-14 23:01 - 2017-03-04 02:21 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-03-14 23:01 - 2017-03-04 02:21 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-03-14 23:01 - 2017-03-04 02:21 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-03-14 23:01 - 2017-03-04 02:21 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi32.dll
2017-03-14 23:01 - 2017-03-04 02:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-03-14 23:01 - 2017-03-04 02:20 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-03-14 23:01 - 2017-03-04 02:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-03-14 23:01 - 2017-03-04 02:20 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-03-14 23:01 - 2017-03-04 02:20 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2017-03-14 23:01 - 2017-03-04 02:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-03-14 23:01 - 2017-03-04 02:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-03-14 23:01 - 2017-03-04 02:20 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-03-14 23:01 - 2017-03-04 02:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-03-14 23:01 - 2017-03-04 02:19 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-03-14 23:01 - 2017-03-04 02:19 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2017-03-14 23:01 - 2017-03-04 02:19 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-03-14 23:01 - 2017-03-04 02:19 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-03-14 23:01 - 2017-03-04 02:19 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2017-03-14 23:01 - 2017-03-04 02:19 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-03-14 23:01 - 2017-03-04 02:19 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-03-14 23:01 - 2017-03-04 02:18 - 01378304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-03-14 23:01 - 2017-03-04 02:18 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-03-14 23:01 - 2017-03-04 02:18 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-03-14 23:01 - 2017-03-04 02:18 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-03-14 23:01 - 2017-03-04 02:18 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-03-14 23:01 - 2017-03-04 02:18 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2017-03-14 23:01 - 2017-03-04 02:18 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-03-14 23:01 - 2017-03-04 02:17 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-03-14 23:01 - 2017-03-04 02:17 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-03-14 23:01 - 2017-03-04 02:17 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 02221056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-03-14 23:01 - 2017-03-04 02:16 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-03-14 23:01 - 2017-03-04 02:15 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\azroleui.dll
2017-03-14 23:01 - 2017-03-04 02:14 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-03-14 23:01 - 2017-03-04 02:14 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-03-14 23:01 - 2017-03-04 02:14 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2017-03-14 23:01 - 2017-03-04 02:13 - 01056768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-03-14 23:01 - 2017-03-04 02:13 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2017-03-14 23:01 - 2017-03-04 02:13 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-03-14 23:01 - 2017-03-04 02:13 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-03-14 23:01 - 2017-03-04 02:13 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-03-14 23:01 - 2017-03-04 02:12 - 01842688 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-03-14 23:01 - 2017-03-04 02:12 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2017-03-14 23:01 - 2017-03-04 02:12 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-03-14 23:01 - 2017-03-04 02:10 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-03-14 23:01 - 2017-03-04 02:09 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-03-14 23:01 - 2017-03-04 02:07 - 01406976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-03-14 23:01 - 2017-03-04 02:07 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-03-14 23:01 - 2017-03-04 02:06 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-03-14 23:01 - 2017-03-04 02:06 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-03-14 23:01 - 2017-03-04 02:06 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-03-14 23:01 - 2017-03-04 02:06 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-03-14 23:01 - 2017-03-04 02:05 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-03-14 23:01 - 2017-03-04 02:05 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-03-14 23:01 - 2017-03-04 02:05 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2017-03-14 23:01 - 2017-03-04 02:05 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-03-14 23:01 - 2017-03-04 02:05 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2017-03-14 23:01 - 2017-03-04 02:03 - 02363904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-03-14 23:01 - 2017-03-04 02:03 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-03-14 23:01 - 2017-03-04 02:03 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-03-14 23:01 - 2017-03-04 02:03 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-03-14 23:01 - 2017-03-04 02:02 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-03-14 23:01 - 2017-03-04 02:02 - 01949696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-03-14 23:01 - 2017-03-04 02:02 - 01485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-03-14 23:01 - 2017-03-04 02:02 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-03-14 23:01 - 2017-03-04 02:02 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-03-14 23:01 - 2017-03-04 02:02 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-03-14 23:01 - 2017-03-04 02:01 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-03-14 23:01 - 2017-03-04 02:01 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-03-14 23:01 - 2017-03-04 02:01 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-03-14 23:01 - 2017-03-04 02:01 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2017-03-14 23:01 - 2017-03-04 02:01 - 01154560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Pimstore.dll
2017-03-14 23:01 - 2017-03-04 02:01 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-03-14 23:01 - 2017-03-04 02:01 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2017-03-14 23:01 - 2017-03-04 02:01 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-03-14 23:01 - 2017-03-04 02:01 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2017-03-14 23:01 - 2017-03-04 02:00 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-03-14 23:01 - 2017-03-04 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-03-14 23:01 - 2017-03-04 02:00 - 01235968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-03-14 23:01 - 2017-03-04 02:00 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-03-14 23:01 - 2017-03-04 02:00 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-03-14 23:01 - 2017-03-04 02:00 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-03-14 23:01 - 2017-03-04 01:59 - 01252352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-03-14 23:01 - 2017-02-21 22:03 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-03-14 23:00 - 2017-03-04 03:44 - 00685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-03-14 23:00 - 2017-03-04 03:41 - 00078176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2017-03-14 23:00 - 2017-03-04 03:09 - 00497416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-14 23:00 - 2017-03-04 03:08 - 05999968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-03-14 23:00 - 2017-03-04 03:04 - 01362512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-03-14 23:00 - 2017-03-04 03:02 - 00184416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2017-03-14 23:00 - 2017-03-04 03:02 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-03-14 23:00 - 2017-03-04 02:54 - 00290272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-03-14 23:00 - 2017-03-04 02:53 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-03-14 23:00 - 2017-03-04 02:53 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-03-14 23:00 - 2017-03-04 02:53 - 00781152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-03-14 23:00 - 2017-03-04 02:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-03-14 23:00 - 2017-03-04 02:51 - 00086360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-03-14 23:00 - 2017-03-04 02:51 - 00060768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-03-14 23:00 - 2017-03-04 02:47 - 04023000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-03-14 23:00 - 2017-03-04 02:47 - 01853224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-03-14 23:00 - 2017-03-04 02:47 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-03-14 23:00 - 2017-03-04 02:47 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-03-14 23:00 - 2017-03-04 02:47 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-03-14 23:00 - 2017-03-04 02:47 - 01202384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-03-14 23:00 - 2017-03-04 02:47 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-03-14 23:00 - 2017-03-04 02:47 - 00981376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-03-14 23:00 - 2017-03-04 02:47 - 00976184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-03-14 23:00 - 2017-03-04 02:47 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-03-14 23:00 - 2017-03-04 02:40 - 01967968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-03-14 23:00 - 2017-03-04 02:40 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-03-14 23:00 - 2017-03-04 02:34 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-03-14 23:00 - 2017-03-04 02:30 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-03-14 23:00 - 2017-03-04 02:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2017-03-14 23:00 - 2017-03-04 02:29 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-03-14 23:00 - 2017-03-04 02:27 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2017-03-14 23:00 - 2017-03-04 02:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-03-14 23:00 - 2017-03-04 02:26 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-03-14 23:00 - 2017-03-04 02:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2017-03-14 23:00 - 2017-03-04 02:26 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-03-14 23:00 - 2017-03-04 02:26 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-03-14 23:00 - 2017-03-04 02:26 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-03-14 23:00 - 2017-03-04 02:26 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll
2017-03-14 23:00 - 2017-03-04 02:26 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-03-14 23:00 - 2017-03-04 02:25 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-03-14 23:00 - 2017-03-04 02:25 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSEngineShared.dll
2017-03-14 23:00 - 2017-03-04 02:25 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-03-14 23:00 - 2017-03-04 02:25 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-03-14 23:00 - 2017-03-04 02:24 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-03-14 23:00 - 2017-03-04 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2017-03-14 23:00 - 2017-03-04 02:23 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-03-14 23:00 - 2017-03-04 02:23 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-03-14 23:00 - 2017-03-04 02:23 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2017-03-14 23:00 - 2017-03-04 02:23 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dxpserver.exe
2017-03-14 23:00 - 2017-03-04 02:23 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-03-14 23:00 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-03-14 23:00 - 2017-03-04 02:22 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2017-03-14 23:00 - 2017-03-04 02:22 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-03-14 23:00 - 2017-03-04 02:22 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2017-03-14 23:00 - 2017-03-04 02:22 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-03-14 23:00 - 2017-03-04 02:21 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-03-14 23:00 - 2017-03-04 02:20 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-03-14 23:00 - 2017-03-04 02:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-03-14 23:00 - 2017-03-04 02:20 - 00301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-03-14 23:00 - 2017-03-04 02:20 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-03-14 23:00 - 2017-03-04 02:20 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-03-14 23:00 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-03-14 23:00 - 2017-03-04 02:19 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2017-03-14 23:00 - 2017-03-04 02:19 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2017-03-14 23:00 - 2017-03-04 02:19 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-03-14 23:00 - 2017-03-04 02:19 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2017-03-14 23:00 - 2017-03-04 02:19 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2017-03-14 23:00 - 2017-03-04 02:18 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2017-03-14 23:00 - 2017-03-04 02:18 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-03-14 23:00 - 2017-03-04 02:18 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-03-14 23:00 - 2017-03-04 02:18 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-14 23:00 - 2017-03-04 02:18 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-03-14 23:00 - 2017-03-04 02:17 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-03-14 23:00 - 2017-03-04 02:17 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-03-14 23:00 - 2017-03-04 02:17 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2017-03-14 23:00 - 2017-03-04 02:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-03-14 23:00 - 2017-03-04 02:17 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2017-03-14 23:00 - 2017-03-04 02:16 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-03-14 23:00 - 2017-03-04 02:16 - 00762880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-03-14 23:00 - 2017-03-04 02:16 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-03-14 23:00 - 2017-03-04 02:16 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-03-14 23:00 - 2017-03-04 02:15 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-03-14 23:00 - 2017-03-04 02:13 - 19411968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-03-14 23:00 - 2017-03-04 02:13 - 04613120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-03-14 23:00 - 2017-03-04 02:13 - 01003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-03-14 23:00 - 2017-03-04 02:13 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-03-14 23:00 - 2017-03-04 02:13 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-03-14 23:00 - 2017-03-04 02:13 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-03-14 23:00 - 2017-03-04 02:13 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-03-14 23:00 - 2017-03-04 02:12 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-03-14 23:00 - 2017-03-04 02:12 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-03-14 23:00 - 2017-03-04 02:12 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-03-14 23:00 - 2017-03-04 02:12 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-03-14 23:00 - 2017-03-04 02:12 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-03-14 23:00 - 2017-03-04 02:11 - 01357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2017-03-14 23:00 - 2017-03-04 02:11 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-03-14 23:00 - 2017-03-04 02:11 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-03-14 23:00 - 2017-03-04 02:11 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabletPC.cpl
2017-03-14 23:00 - 2017-03-04 02:11 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\tabcal.exe
2017-03-14 23:00 - 2017-03-04 02:10 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-03-14 23:00 - 2017-03-04 02:10 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-03-14 23:00 - 2017-03-04 02:10 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2017-03-14 23:00 - 2017-03-04 02:10 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2017-03-14 23:00 - 2017-03-04 02:10 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Tabbtn.dll
2017-03-14 23:00 - 2017-03-04 02:07 - 12178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-03-14 23:00 - 2017-03-04 02:07 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-03-14 23:00 - 2017-03-04 02:05 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-03-14 23:00 - 2017-03-04 02:05 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-03-14 23:00 - 2017-03-04 02:04 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-03-14 23:00 - 2017-03-04 02:03 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-03-14 23:00 - 2017-03-04 02:03 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-14 23:00 - 2017-03-04 02:03 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2017-03-14 23:00 - 2017-03-04 02:03 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MultiDigiMon.exe
2017-03-14 23:00 - 2017-03-04 02:02 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-03-14 23:00 - 2017-03-04 02:02 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-03-14 23:00 - 2017-03-04 02:01 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-03-14 23:00 - 2017-03-04 02:01 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-03-14 23:00 - 2017-03-04 02:00 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-03-14 23:00 - 2017-03-04 02:00 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-03-14 23:00 - 2017-03-04 02:00 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-03-14 23:00 - 2017-03-04 02:00 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-03-14 23:00 - 2017-03-04 02:00 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-03-14 23:00 - 2017-03-04 02:00 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-03-14 23:00 - 2017-03-04 01:59 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-03-14 23:00 - 2017-03-04 01:59 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-03-14 23:00 - 2017-03-04 01:57 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-03-14 23:00 - 2017-03-04 01:57 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-03-14 23:00 - 2017-03-04 01:57 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2017-03-14 22:59 - 2016-05-29 14:38 - 08886976 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSetup.exe
2017-03-13 16:16 - 2017-03-13 16:16 - 01495402 _____ C:\Users\Brian\Desktop\statement.pdf
2017-03-10 18:32 - 2017-03-10 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2017
2017-03-10 17:12 - 2017-03-10 17:12 - 00000000 ____D C:\Dynamsoft
2017-03-10 16:50 - 2017-03-10 16:52 - 1322844160 _____ C:\Users\Brian\Desktop\Amaya.iso

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-08 14:22 - 2016-11-17 16:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-08 14:21 - 2015-10-16 23:09 - 00000000 ____D C:\Program Files\Cobian Backup 11
2017-04-08 10:02 - 2016-11-18 15:51 - 00000000 ____D C:\Users\Brian\AppData\LocalLow\Mozilla
2017-04-08 10:01 - 2016-02-14 00:35 - 00000000 ___RD C:\Users\Brian\OneDrive
2017-04-08 09:57 - 2016-09-29 04:25 - 00000000 ____D C:\Users\Brian
2017-04-08 09:57 - 2015-03-19 23:21 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2017-04-08 09:57 - 2012-10-16 17:08 - 00000000 ____D C:\Temp
2017-04-08 09:56 - 2016-09-29 05:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-08 09:56 - 2016-09-29 04:21 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2017-04-08 09:56 - 2016-09-29 04:20 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-08 09:55 - 2016-07-15 22:22 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-04-08 09:12 - 2016-09-29 04:17 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-08 06:13 - 2016-10-08 13:01 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-08 04:53 - 2012-10-09 14:47 - 00002284 ____H C:\Users\Brian\Documents\Default.rdp
2017-04-08 02:00 - 2014-08-26 20:15 - 00000000 ____D C:\Users\Brian\AppData\Local\Adobe
2017-04-08 00:35 - 2013-06-25 20:48 - 00000000 ____D C:\ProgramData\LogMeIn
2017-04-08 00:00 - 2015-02-08 11:54 - 00000000 ____D C:\Users\Brian\AppData\Local\LogMeInIgnition
2017-04-07 23:38 - 2016-07-16 04:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-07 23:38 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-07 19:19 - 2015-12-07 12:12 - 00000000 ____D C:\Program Files\LogMeIn Ignition
2017-04-07 13:06 - 2014-05-18 19:09 - 00154215 _____ C:\Users\Brian\Documents\Work Hours Tracker.xlsx
2017-04-06 15:51 - 2015-03-19 23:21 - 00102912 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2017-04-06 15:51 - 2015-03-19 23:21 - 00096736 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2017-04-06 15:51 - 2015-03-19 23:20 - 00000000 ____D C:\Program Files\LogMeIn
2017-04-05 19:48 - 2015-12-04 17:11 - 00000000 ____D C:\Users\Brian\Desktop\Old Firefox Data
2017-04-05 19:46 - 2013-01-20 14:41 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-04-05 19:36 - 2016-07-15 22:22 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-05 19:34 - 2016-07-16 04:29 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-04-04 06:46 - 2012-09-28 19:11 - 00000000 ____D C:\Users\Brian\AppData\Local\CrashDumps
2017-04-04 05:07 - 2016-07-16 04:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-04 05:06 - 2016-07-16 04:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-04 05:06 - 2014-05-14 17:08 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-04-04 05:04 - 2016-07-16 04:28 - 00000000 ____D C:\WINDOWS\INF
2017-04-04 05:02 - 2013-04-09 13:57 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-03 19:06 - 2012-09-27 14:03 - 00002491 _____ C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-03 19:06 - 2012-09-27 14:03 - 00002483 _____ C:\Users\Brian\Desktop\Google Chrome.lnk
2017-04-03 16:13 - 2012-11-17 16:05 - 00000000 ____D C:\Users\Brian\AppData\Roaming\uTorrent
2017-04-03 15:40 - 2016-09-30 18:05 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-03 15:40 - 2016-09-29 08:15 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-03 14:45 - 2016-02-14 00:18 - 00000000 ____D C:\Users\Brian\AppData\Local\Packages
2017-03-31 15:29 - 2012-11-14 14:55 - 00000000 ____D C:\Users\Brian\Documents\Work
2017-03-30 22:34 - 2016-12-14 19:32 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360
2017-03-30 22:33 - 2017-03-04 22:55 - 00002248 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-03-30 22:33 - 2017-03-04 22:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2017-03-30 22:22 - 2014-01-12 10:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-30 21:49 - 2016-12-20 16:11 - 00000000 ____D C:\Users\Brian\AppData\Roaming\CyberLink
2017-03-30 18:31 - 2016-12-06 19:38 - 03894162 _____ C:\Users\Brian\Desktop\um-e60e3.pdf
2017-03-30 14:31 - 2013-05-26 11:47 - 00406528 _____ C:\Users\Brian\Desktop\Credit Card Expense Sheet.xls
2017-03-29 20:34 - 2017-03-04 22:50 - 00000000 ____D C:\Program Files\NortonInstaller
2017-03-24 16:16 - 2016-09-29 04:24 - 01002522 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-24 16:09 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-24 09:10 - 2016-07-16 04:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-23 18:56 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-03-21 18:14 - 2012-09-27 12:57 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Adobe
2017-03-17 21:26 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\rescache
2017-03-17 16:33 - 2016-02-14 00:18 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-17 16:29 - 2016-09-29 04:17 - 06741800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-17 16:19 - 2016-07-16 04:29 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-17 16:19 - 2016-07-16 04:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-17 16:19 - 2016-07-16 04:29 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-17 16:19 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-17 16:19 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-17 16:19 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-17 16:19 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-03-17 16:19 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-17 16:19 - 2016-07-16 04:29 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-16 17:16 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\registration
2017-03-16 16:16 - 2013-05-06 11:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-15 19:53 - 2013-07-23 03:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-15 19:40 - 2015-09-02 15:13 - 135706696 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-15 19:20 - 2013-05-06 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-15 03:15 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-10 18:51 - 2013-01-16 15:55 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Nero
2017-03-10 18:34 - 2013-01-16 15:35 - 00000000 ____D C:\Program Files\Nero
2017-03-10 18:34 - 2013-01-16 15:35 - 00000000 ____D C:\Program Files\Common Files\Nero
2017-03-10 18:32 - 2013-01-16 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2017-03-10 17:59 - 2012-10-11 19:44 - 00000000 ____D C:\Users\Brian\.frostwire5
2017-03-10 01:17 - 2016-07-16 04:31 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-03-10 01:17 - 2016-07-16 04:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-12-01 13:59 - 2016-11-30 13:02 - 0012542 _____ () C:\Program Files\Common Files\client.wyc
2013-11-19 23:12 - 2015-06-06 22:37 - 0000132 _____ () C:\Users\Brian\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-11-21 13:20 - 2017-01-19 18:34 - 0000132 _____ () C:\Users\Brian\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-12-20 09:02 - 2014-12-20 09:02 - 0000268 ___RH () C:\Users\Brian\AppData\Roaming\Audio Unit Effect
2014-12-20 09:04 - 2014-12-20 09:04 - 0000268 ___RH () C:\Users\Brian\AppData\Roaming\Audio Units
2014-12-20 09:02 - 2014-12-20 09:02 - 0000268 ___RH () C:\Users\Brian\AppData\Roaming\Authentication
2016-05-12 19:36 - 2016-05-12 19:36 - 0001456 _____ () C:\Users\Brian\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-05-31 16:35 - 2016-05-31 16:35 - 0003584 _____ () C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-23 21:00 - 2016-02-23 21:00 - 0000187 _____ () C:\Users\Brian\AppData\Local\RAExpertHistory.xml
2015-08-30 01:01 - 2017-01-26 19:30 - 0000605 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-12-07 16:10 - 2015-12-07 16:10 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2015-10-07 15:24 - 2015-12-07 16:15 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2015-12-07 16:15 - 2015-12-07 16:15 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

Files to move or delete:
====================
C:\Users\Brian\en_res.dll
C:\Users\Brian\es_res.dll
C:\Users\Brian\fr_res.dll
C:\Users\Brian\grm_res.dll
C:\Users\Brian\it_res.dll
C:\Users\Brian\jp_res.dll
C:\Users\Brian\mfc80u.dll
C:\Users\Brian\msvcr80.dll
C:\Users\Brian\PCPE Setup.exe
C:\Users\Brian\pt_res.dll
C:\Users\Brian\ResourceReader.dll
C:\Users\Brian\ru_res.dll
C:\Users\Brian\zh_res.dll


Some files in TEMP:
====================
2017-04-03 18:34 - 2016-07-16 04:25 - 0628440 _____ (Microsoft Corporation) C:\Users\Brian\AppData\Local\Temp\kernel32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-30 15:23

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 April 2017 - 09:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk [2016-07-03]
ShortcutTarget: Bginfo.lnk -> D:\BGinfo\Bginfo.exe (No File)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-717800116-2120676930-3595230625-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-717800116-2120676930-3595230625-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.9.0.71&locale=en_US&guid=17609AD6-1824-4AB3-809A-AC19C7CA6CE6&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF Extension: (No Name) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\jhrot69z.default\extensions\newtabgoogle@graememcc.co.uk.xpi [not found]
FF HKLM\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files\Mozilla Firefox\extensions\lesstabs@lesstabs.com => not found
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => not found
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\2408218.js [2017-03-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\2408218.cfg [2017-03-10] <==== ATTENTION
CHR HomePage: Default -> hxxp://vinstaller.com/kmsx/yhome.html?hspart=w3i&hsimp=yhs-syctransfer&type=__PARAM__
CHR DefaultSearchURL: Default -> hxxp://vinstaller.com/kmsx/ysearch.html?hspart=w3i&fr=w3i&p={searchTerms}&type=__PARAM__
CHR DefaultSuggestURL: Default -> hxxp://vinstaller.com/kmsx/ysuggest.html?output=fxjson&amp;command={searchTerms}
CHR Extension: (Norton Security Toolbar) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-05]
CHR HKLM\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader11.crx <not found>
CHR HKU\S-1-5-21-717800116-2120676930-3595230625-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
U3 idsvc; no ImagePath
S4 LMIRfsClientNP; no ImagePath
S3 NAVENG; \??\C:\Program Files\Norton 360\NortonData\22.9.0.71\Definitions\SDSDefs\20170305.001\NAVENG.SYS [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x86\Sandra.sys [X]
CustomCLSID: HKU\S-1-5-21-717800116-2120676930-3595230625-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-717800116-2120676930-3595230625-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-717800116-2120676930-3595230625-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-717800116-2120676930-3595230625-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
Task: {12A1CCCD-DCF4-4F78-B319-C6C534189CB9} - System32\Tasks\LaunchApp => C:\Program Files\JustCloud\JustCloud.exe
Task: {233FBB28-DE87-41B8-928D-C897F5A36EA1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {2C938BC9-9E08-4A0E-8B6B-6234DABE65E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3A1021FE-BAB0-422C-AA61-EC0701615C91} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3C1A6EEB-5F89-4E01-9ED1-99A7629BB6F1} - System32\Tasks\RunAsStdUser Task => C:\Users\Brian\AppData\Local\gameflakeSA\bin\1.0.10.0\GameFlakeSA.exe  <==== ATTENTION
Task: {4745E6ED-9849-4D3A-87E6-C32AF57681DF} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe  <==== ATTENTION
Task: {80EA470B-B552-4D06-91FA-F010C8C77202} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8B632A7D-D527-482E-9A23-CD4FCD5C9CCA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {991D8E16-86C6-4296-9EB3-778BEFDB1EA0} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe  <==== ATTENTION
Task: {B979BA86-E105-4320-8A29-70CCEED7FAC0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D0613C4D-FD1D-472A-AFB1-328B249C9D2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D0D93381-FCE0-47CD-B4F5-C9191428CCAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D0F727A4-2DD1-4DD3-AC6E-D658DCBE8699} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D8E936B2-7DC5-4702-B151-A27C9EF1D98A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E3CCD77B-7B88-4CB5-9098-7DD45BD9FEA0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EEF8E450-64A7-4D40-A04B-E99CBE4AFB2B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F86F2E34-898E-4D41-BDB9-A34A507057F9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
C:\Program Files\JustCloud
C:\Users\Brian\AppData\Local\gameflakeSA
C:\Program Files\GoforFiles
C:\Users\Brian\AppData\Local\Temp\kernel32.dll
C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
===

Please post the logs and let me know what problem persists with this computer.

#3 Probie715

  • Topic Starter

Posted 09 April 2017 - 12:23 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Brian (09-04-2017 11:58:07) Run:1
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian & Elefa & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk [2016-07-03]
ShortcutTarget: Bginfo.lnk -> D:\BGinfo\Bginfo.exe (No File)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-717800116-2120676930-3595230625-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-717800116-2120676930-3595230625-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-717800116-2120676930-3595230625-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.9.0.71&locale=en_US&guid=17609AD6-1824-4AB3-809A-AC19C7CA6CE6&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
FF Extension: (No Name) - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\jhrot69z.default\extensions\newtabgoogle@graememcc.co.uk.xpi [not found]
FF HKLM\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files\Mozilla Firefox\extensions\lesstabs@lesstabs.com => not found
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension => not found
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\2408218.js [2017-03-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\2408218.cfg [2017-03-10] <==== ATTENTION
CHR HomePage: Default -> hxxp://vinstaller.com/kmsx/yhome.html?hspart=w3i&hsimp=yhs-syctransfer&type=__PARAM__
CHR DefaultSearchURL: Default -> hxxp://vinstaller.com/kmsx/ysearch.html?hspart=w3i&fr=w3i&p={searchTerms}&type=__PARAM__
CHR DefaultSuggestURL: Default -> hxxp://vinstaller.com/kmsx/ysuggest.html?output=fxjson&amp;command={searchTerms}
CHR Extension: (Norton Security Toolbar) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-05]
CHR HKLM\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader11.crx <not found>
CHR HKU\S-1-5-21-717800116-2120676930-3595230625-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Brian\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx <not found>
U3 idsvc; no ImagePath
S4 LMIRfsClientNP; no ImagePath
S3 NAVENG; \??\C:\Program Files\Norton 360\NortonData\22.9.0.71\Definitions\SDSDefs\20170305.001\NAVENG.SYS [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.RTM\WNt500x86\Sandra.sys [X]
CustomCLSID: HKU\S-1-5-21-717800116-2120676930-3595230625-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-717800116-2120676930-3595230625-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-717800116-2120676930-3595230625-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-717800116-2120676930-3595230625-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Brian\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
Task: {12A1CCCD-DCF4-4F78-B319-C6C534189CB9} - System32\Tasks\LaunchApp => C:\Program Files\JustCloud\JustCloud.exe
Task: {233FBB28-DE87-41B8-928D-C897F5A36EA1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {2C938BC9-9E08-4A0E-8B6B-6234DABE65E6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3A1021FE-BAB0-422C-AA61-EC0701615C91} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3C1A6EEB-5F89-4E01-9ED1-99A7629BB6F1} - System32\Tasks\RunAsStdUser Task => C:\Users\Brian\AppData\Local\gameflakeSA\bin\1.0.10.0\GameFlakeSA.exe  <==== ATTENTION
Task: {4745E6ED-9849-4D3A-87E6-C32AF57681DF} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe  <==== ATTENTION
Task: {80EA470B-B552-4D06-91FA-F010C8C77202} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8B632A7D-D527-482E-9A23-CD4FCD5C9CCA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {991D8E16-86C6-4296-9EB3-778BEFDB1EA0} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe  <==== ATTENTION
Task: {B979BA86-E105-4320-8A29-70CCEED7FAC0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D0613C4D-FD1D-472A-AFB1-328B249C9D2A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D0D93381-FCE0-47CD-B4F5-C9191428CCAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D0F727A4-2DD1-4DD3-AC6E-D658DCBE8699} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D8E936B2-7DC5-4702-B151-A27C9EF1D98A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E3CCD77B-7B88-4CB5-9098-7DD45BD9FEA0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EEF8E450-64A7-4D40-A04B-E99CBE4AFB2B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F86F2E34-898E-4D41-BDB9-A34A507057F9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
C:\Program Files\JustCloud
C:\Users\Brian\AppData\Local\gameflakeSA
C:\Program Files\GoforFiles
C:\Users\Brian\AppData\Local\Temp\kernel32.dll
C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.lnk

End
*****************

Restore point was successfully created.
Processes closed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 77573458 B
Java, Flash, Steam htmlcache => 1295 B
Windows/system/drivers => 1510385 B
Edge => 8331146 B
Chrome => 23869720 B
Firefox => 289418309 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16967 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 107104 B
LocalService => 19666 B
NetworkService => 0 B
Brian => 47166983 B
Elefa => 342290 B
DefaultAppPool => 33357 B

RecycleBin => 47387516 B
EmptyTemp: => 472.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:11:19 ====

# AdwCleaner v6.045 - Logfile created 09/04/2017 at 12:50:13
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-06.1 [Server]
# Operating System : Windows 10 Pro  (X86)
# Username : Brian - SAYLORPC
# Running from : C:\Users\Brian\Desktop\adwcleaner_6.045.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: CouponPrinterService


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Brian\AppData\Local\ArcadeParlor
[-] Folder deleted: C:\Users\Brian\AppData\Local\Browser Extensions
[-] Folder deleted: C:\Users\Brian\AppData\Local\DriverTuner
[-] Folder deleted: C:\Users\Brian\AppData\Local\eSupport.com
[-] Folder deleted: C:\Users\Brian\AppData\Local\Ilivid Player
[-] Folder deleted: C:\Users\Brian\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Brian\AppData\Roaming\goforfiles
[#] Folder deleted on reboot: C:\Users\Brian\AppData\Roaming\GoforFiles
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder deleted: C:\Program Files\Coupons
[-] Folder deleted: C:\Program Files\myfree codec
[-] Folder deleted: C:\WINDOWS\BuzzSocialPointsChecker


***** [ Files ] *****

[-] File deleted: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\jhrot69z.default\extensions\abb@amazon.com.xpi
[-] File deleted: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2k6xxcq8.default-1449263469767\extensions\abb@amazon.com.xpi


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****





***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7852 Bytes] - [09/04/2017 12:50:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [7455 Bytes] - [09/04/2017 12:46:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7998 Bytes] ##########
 

After following the steps above, it appears at this time, the problem has been resolved.



#4 nasdaq

  • Malware Response Team

Posted 09 April 2017 - 01:29 PM


Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#5 Probie715

  • Topic Starter

Posted 10 April 2017 - 12:25 PM

It appears as though I spoke too soon; the pop-ups and redirects are still occurring, although not as frequently. (tradexchanger and onclk are the 2 seen recently)



#6 nasdaq

  • Malware Response Team

Posted 11 April 2017 - 08:14 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

===

p.s.
If the problem persists clean these caches if present.
Clean your Java cache.
https://www.java.com/en/download/help/plugin_cache.xml

===

Clean your Flash cache.
https://forums.adobe.com/message/4278569

#7 Probie715

  • Topic Starter

Posted 12 April 2017 - 05:27 PM

I ran the script yesterday and it ran for over 24 hours before the PC lost power due to a weather incident. I reran the script this afternoon and it's been running for over an hour. How long should this take? It appears "hung" on the Firefox Extensions...

Edited by Probie715, 12 April 2017 - 05:28 PM.


#8 nasdaq

  • Malware Response Team

Posted 13 April 2017 - 07:13 AM


Close the process if still running.

Then run this short script.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#9 Probie715


Posted 14 April 2017 - 03:47 PM

Even the short script is running for 24+ hours. Any other suggestions? This does not seem to be successful.

FYI, the only way to "end the process" is to restart the computer. The process continues to restart after being stopped.

Edited by Probie715, 14 April 2017 - 03:49 PM.


#10 nasdaq


Posted 15 April 2017 - 07:24 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

This will only do a scan and provide a log. It should not take more than one hour to complete. Close the process if it's longer.
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type xxx3xxx in the lower box to Perform only a Deep Scan then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply


#11 nasdaq


Posted 21 April 2017 - 07:51 AM

Are you still with me?

#12 Probie715


Posted 22 April 2017 - 09:38 AM

I am. The pop-ups and redirects were so bad I couldn't get on the browser to even be productive. I am following the above requests now.



#13 Probie715


Posted 22 April 2017 - 09:35 PM

TFC ran quickly, Zoek I had to stop at the 2.5 hour mark (It was still running). Here is the partial result log:

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Brian on Sat 04/22/2017 at 10:40:58.65.
Microsoft Windows 10 Pro 10.0.14393  x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Brian\Desktop\zoek.exe [Scan all users]   [Deep Scan]

==== Older Logs ======================

C:\zoek-results2017-04-11-192016.log    8520 bytes
C:\zoek-results2017-04-13-183701.log    12656 bytes
C:\zoek-results2017-04-13-220338.log    15784 bytes

==== Running Processes ======================

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\ENAgent.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\EscSvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Norton 360\Engine\22.9.1.12\N360.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\Norton 360\Engine\22.9.1.12\N360.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\Program Files\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Google\Update\1.3.33.3\GoogleCrashHandler.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Brian\Desktop\zoek.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x86__8wekyb3d8bbwe\Calculator.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3072 MB
CPU Info: AMD Athlon™ 64 Processor 3800+
CPU Speed: 2466.7 MHz
Sound Card: Speakers (High Definition Audio |
Digital Audio (S/PDIF) (High De |
Display Adapters: NVIDIA GeForce GT 610 | NVIDIA GeForce GT 610
Monitors: 2x; P244W (Digital) | Acer G245HQ (HDMI) |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
CD / DVD Drives: 1x (F: | ) F: HP      DVD Writer 1265t
Ports: COM1 | COM2 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  279.0GB | D:  2794.4GB | E:  19.1GB | G:  2794.5GB | H:  37.3GB | J:  931.5GB
Hard Disks - Free: C:  110.4GB | D:  2792.1GB | E:  3.1GB | G:  2156.0GB | H:  20.9GB | J:  717.7GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 02/07/07 | ACRSYS - 42302e31
Time Zone: Eastern Standard Time
Motherboard *: Acer EM61SM/EM61PM
Country: United States
Language: ENU

==== System Specs (Software) ======================

Default Browser: Firefox    52.0.2
Internet Explorer Version: 11.953.14393.0
Mozilla Firefox version: 52.0.2 ESR (x86 en-US)
Adobe Reader version: 17.9.20044.222436
Sun Java version: 1.8.0_121 (32-bit)
Flash Player version: 25.0.0.148

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Brian\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2017-04-21 15:01:05    F7E8465680D7889174E6C7284E74B586    81408    ----a-w-    C:\WINDOWS\System32\E_TD4BKDE.DLL
2017-04-21 15:01:05    2033AC56A5AB0B2C92E65C42BDE97EAB    142848    ----a-w-    C:\WINDOWS\System32\E_TLMBKDE.DLL
2017-04-09 17:15:48    9A3A5FC596F577F8473B745F5C138642    95808    ----a-w-    C:\WINDOWS\System32\WindowsAccessBridge.dll
====== C:\WINDOWS\system32\drivers =====
2017-04-06 19:51:44    F66FB7E6CC8CE409401E4B022453CB77    27872    ----a-w-    C:\WINDOWS\System32\drivers\LMIInfo.sys
2017-03-31 02:14:23    56E4DE5761F5313CCD82A89815FFA716    220088    ----a-w-    C:\WINDOWS\System32\drivers\3A220DD8.sys
2017-03-31 02:01:02    56E4DE5761F5313CCD82A89815FFA716    220088    ----a-w-    C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
====== C:\WINDOWS\Tasks ======
2017-04-08 09:32:48    --------    d-----w-    C:\WINDOWS\system32\Tasks\Safer-Networking
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2017-04-09 17:13:50    --------    d-----w-    C:\Program Files\Common Files\Java
======= C: =====
====== C:\Users\Brian\AppData\Roaming ======
2017-04-19 06:54:04    --------    d-----w-    C:\Users\DefaultAppPool\AppData\LocalLow
2017-04-14 23:21:34    --------    d-----w-    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub
2017-04-14 23:21:33    --------    d-----w-    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub
2017-04-14 23:06:27    --------    d-----w-    C:\Users\Brian\AppData\Local\PeerDistRepub
2017-04-14 05:16:24    --------    d-----w-    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps
2017-04-08 09:34:26    --------    d-----w-    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Programs
====== C:\Users\Brian ======
2017-04-09 17:10:15    43B07D33AFD75E736069F4C17E7F80B6    739392    ----a-w-    C:\Users\Brian\Downloads\JavaSetup8u121.exe
2017-04-09 04:19:14    19ADD7B17528EA14B27FDFAD46C3BF3D    1766912    ----a-w-    C:\Users\Brian\Downloads\FRST.exe

====== C: exe-files ==
2017-04-22 14:33:24    6B857CC5AB1BF3F0546866DAD1C27842    90    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-717800116-2120676930-3595230625-1000\$IXAKLAC.exe
2017-04-22 14:03:03    788FCDDD88240A85039F7F561093B118    448512    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-717800116-2120676930-3595230625-1000\$RXAKLAC.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIICE.EXE /EPT EPLTarget\P0000000000000000 /M XP-300 Series"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-717800116-2120676930-3595230625-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CAHeadless"="C:\Program Files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe"
"SanDiskSecureAccess_Manager.exe"="C:\Users\Brian\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe"
"OneDrive"="C:\Users\Brian\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Adobe Acrobat Synchronizer"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
"Spybot-S&D Cleaning"="C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIICE.EXE /EPT EPLTarget\P0000000000000000 /M XP-300 Series"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Display"="C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe"
"DivXMediaServer"="C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"IntelliPoint"="c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe"
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"NvBackend"="C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap.dll,ShadowPlayOnSystemStart"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe -launchedbylogin"
"LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"CLMLServer_For_P2G8"="C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"CLVirtualDrive"="C:\Program Files\CyberLink\Power2Go8\VirtualDrive.exe /R"
"EaseUS EPM tray"="C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe"
"EaseUS Cleanup"="C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe 10 300"
"EaseUS EPM Tray Agent"="C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\TrayPopupE\TrayTipAgentE.exe"
"SDTray"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CAHeadless"="C:\Program Files\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe"
"SanDiskSecureAccess_Manager.exe"="C:\Users\Brian\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe"
"OneDrive"="C:\Users\Brian\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Adobe Acrobat Synchronizer"="C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
"Spybot-S&D Cleaning"="C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AcronisTibMounterMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcronisTibMounterMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Acronis\\TibMounter\\TibMounterMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Akamai NetSession Interface"
"hkey"="HKCU"
"command"="\"C:\\Users\\Brian\\AppData\\Local\\Akamai\\netsession_win.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ConnectionCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Citrix\\ICA Client\\concentr.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Brian\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [03/04/2017 02:46 AM]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\system32\tasks\AdobeAAMUpdater-1.0-SaylorPC-Brian" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\WINDOWS\system32\tasks\BuzzSocialPoints_DNS_Checker" [C:\Windows\BuzzSocialPointsChecker\BSP_li.exe]
"C:\WINDOWS\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\system32\tasks\CreateExplorerShellUnelevatedTask" [C:\WINDOWS\explorer.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskUserS-1-5-21-717800116-2120676930-3595230625-1000Core" [C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskUserS-1-5-21-717800116-2120676930-3595230625-1000UA" [C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\Motorola Device Manager Engine" ["C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\WINDOWS\system32\tasks\Motorola Device Manager Initial Update" ["C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\WINDOWS\system32\tasks\Motorola Device Manager Update" ["C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\WINDOWS\system32\tasks\Norton WSC Integration" ["C:\Program Files\Norton 360\Engine\22.9.1.12\WSCStub.exe"]
"C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task v2" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{7846D68F-1BC4-47FD-A6B3-EC524CD65931}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\WINDOWS\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\WINDOWS\system32\tasks\Nero\Nero Info" ["C:\Program Files\Common Files\Nero\Nero Info\NeroInfo.exe"]
"C:\WINDOWS\system32\tasks\Norton 360\Norton 360 Autofix" [C:\Program Files\Norton 360\Engine\22.9.1.12\SymErr.exe]
"C:\WINDOWS\system32\tasks\Norton 360\Norton 360 Error Analyzer" [C:\Program Files\Norton 360\Engine\22.9.1.12\SymErr.exe]
"C:\WINDOWS\system32\tasks\Norton 360\Norton 360 Error Processor" [C:\Program Files\Norton 360\Engine\22.9.1.12\SymErr.exe]
"C:\WINDOWS\system32\tasks\Remediation\AntimalwareMigrationTask" ["C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe"]
"C:\WINDOWS\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe"]
"C:\WINDOWS\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe"]
"C:\WINDOWS\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2k6xxcq8.default-1449263469767
user_pref("browser.startup.homepage", "http://iamresponding.com/v3/agency/def.aspx|https://webcad.lcwc911.us/Login.aspx|http://www.lcwc911.us/lcwc/LiveStatus/LiveIncidentList.aspx");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\jhrot69z.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\pck9rbx7.default-1491436085102
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Elefa\AppData\Roaming\Mozilla\Firefox\Profiles\4sfu8ot1.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.9.0.71\coFFAddon" [04/05/2017 07:36 PM]
 



#14 nasdaq


Posted 23 April 2017 - 08:14 AM


Again, it looks like the Firefox Extensions are causing this long delay.

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

If the problem persists run this scan.

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

#15 Probie715


Posted 25 April 2017 - 01:31 PM

Ran the Sophos scan and it discovered 1 issue. Clicked "Start Cleanup", it started then said something else was found during cleanup and it had to run the scan again. It is currently in the process of scanning a 2nd time.



