Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

keep seeing pop up/hearing warning that i have virus


  • This topic is locked This topic is locked
6 replies to this topic

#1 denamcelwain

denamcelwain

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 19 May 2017 - 04:21 PM

when on any browser (chrome, ie, firefox) get pop up and voice saying warning, Microsoft has detected a virus with a pop up screen. I immediately hit ctrl alt delete to end the browser process, and shut it down. I have deleted browser history, uninstalled/reinstalled browser, and ran Norton 360  but it is still happening.  I am not seeing a blue screen of death or anyting when starting computer. this is just random when I am on internet. Actually, was on Symantec's website looking up the dang virus when it popped up again. argh.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by Home Dena (administrator) on HOMEDENA-HP (19-05-2017 16:55:31)
Running from C:\Users\Home Dena\Downloads
Loaded Profiles: Home Dena (Available Profiles: Home Dena)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Home Dena\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Smilebox, Inc.) C:\Users\Home Dena\AppData\Roaming\Smilebox\SmileboxTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\n360.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Symantec Corporation) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\NPE.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_25_0_0_171_ActiveX.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [3331944 2009-12-03] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2006-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-03-16] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-30] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28734456 2017-05-16] (Dropbox, Inc.)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [Spotify Web Helper] => C:\Users\Home Dena\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-05-10] (Spotify Ltd)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [Spotify] => C:\Users\Home Dena\AppData\Roaming\Spotify\Spotify.exe [7064176 2017-05-10] (Spotify Ltd)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [SmileboxTray] => C:\Users\Home Dena\AppData\Roaming\Smilebox\SmileboxTray.exe [346072 2016-07-20] (Smilebox, Inc.)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\RunOnce: [*NPE] => C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\NPE.exe [4114200 2017-04-12] (Symantec Corporation)
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\MountPoints2: {96e252a8-bc08-11e1-8249-78e7d1c49378} - J:\setup.exe -a
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk [2012-01-14]
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2010-04-28]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Home Dena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-09-08]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1210817248-1952507549-581455099-1001] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4C26A04D-9EF3-4149-BB00-B144804D13C2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BB58F463-A125-4923-84BC-4C0729F3449E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
SearchScopes: HKLM -> DefaultScope {CF2CBD25-DF68-4C6C-97F3-666161171933} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CF2CBD25-DF68-4C6C-97F3-666161171933} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM -> {FC7E54E2-F0BE-46BE-8B92-61FD6E612386} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {CF2CBD25-DF68-4C6C-97F3-666161171933} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {CF2CBD25-DF68-4C6C-97F3-666161171933} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {FC7E54E2-F0BE-46BE-8B92-61FD6E612386} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.9.3.13&locale=en_US&guid=E8B050BD-7336-11E0-B300-78E7D1C49378&doi=2016-09-01&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> {CF2CBD25-DF68-4C6C-97F3-666161171933} URL =
SearchScopes: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> {FC7E54E2-F0BE-46BE-8B92-61FD6E612386} URL =
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-15] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

FireFox:
========
FF ProfilePath: C:\Users\Home Dena\AppData\Roaming\Mozilla\Firefox\Profiles\r5ns0jfy.default-1467147177518 [2017-05-19]
FF Homepage: Mozilla\Firefox\Profiles\r5ns0jfy.default-1467147177518 -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\r5ns0jfy.default-1467147177518 -> type", 0
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2017-05-19]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-08-10]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1210817248-1952507549-581455099-1001: @eximion.com/KalydoPlayer -> C:\Users\Home Dena\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll [2012-08-30] (Eximion B.V.)
FF Plugin HKU\S-1-5-21-1210817248-1952507549-581455099-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home Dena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1210817248-1952507549-581455099-1001: SkypePlugin -> C:\Users\Home Dena\AppData\Local\SkypePlugin\7.14.0.184\npGatewayNpapi.dll [2016-02-05] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1210817248-1952507549-581455099-1001: SkypePlugin64 -> C:\Users\Home Dena\AppData\Local\SkypePlugin\7.14.0.184\npGatewayNpapi-x64.dll [2016-02-05] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default [2017-05-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-14]
CHR Extension: (Skype) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-23] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-16] (Dropbox, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.9.3.13\N360.exe [326160 2017-05-11] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 BrotherWirelessSetupService; C:\Users\Home Dena\Downloads\install\wlan_wiz\wlan_assistant\waw.exe -s [X]
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20170516.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1609030.00D\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20170517.003\IDSvia64.sys [1053824 2017-05-19] (Symantec Corporation)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [23536 2010-01-19] (PC-Doctor, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SMR501; C:\Windows\System32\drivers\SMR501.SYS [111288 2017-05-19] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1609030.00D\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1609030.00D\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1609030.00D\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1609030.00D\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1609030.00D\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-30] (Wondershare)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160615.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160615.009\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-19 16:55 - 2017-05-19 16:56 - 00031350 _____ C:\Users\Home Dena\Downloads\FRST.txt
2017-05-19 16:54 - 2017-05-19 16:55 - 00000000 ___DC C:\FRST
2017-05-19 16:52 - 2017-05-19 16:52 - 02429952 _____ (Farbar) C:\Users\Home Dena\Downloads\FRST64.exe
2017-05-19 16:52 - 2017-05-19 16:52 - 02429952 _____ (Farbar) C:\Users\Home Dena\Downloads\FRST64 (1).exe
2017-05-19 16:36 - 2017-05-19 16:48 - 00000936 _____ C:\Windows\system32\Drivers\SMR501.dat
2017-05-19 16:36 - 2017-05-19 16:36 - 00111288 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR501.SYS
2017-05-19 16:23 - 2017-05-19 16:23 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-05-19 15:09 - 2017-05-19 15:09 - 00001305 _____ C:\Users\Home Dena\Desktop\Norton Installation Files.lnk
2017-05-19 15:07 - 2017-05-19 15:07 - 01027896 _____ (Symantec Corporation) C:\Users\Home Dena\Downloads\NortonN360Downloader.exe
2017-05-19 14:53 - 2017-05-19 14:53 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2017-05-19 14:44 - 2017-05-19 14:44 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2017-05-16 22:50 - 2017-05-16 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-16 17:01 - 2017-05-16 17:01 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-05-15 12:39 - 2017-05-15 12:39 - 00365404 _____ C:\Users\Home Dena\Downloads\insights_international_-_why_now.pdf
2017-05-15 12:38 - 2017-05-15 12:38 - 00402752 _____ C:\Users\Home Dena\Downloads\summit_wrap_up.pdf
2017-05-09 16:29 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-09 16:29 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-09 16:29 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-09 16:29 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-09 16:29 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-09 16:29 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-09 16:29 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-09 16:29 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-09 16:29 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-09 16:29 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-09 16:29 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-09 16:29 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-09 16:29 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-09 16:29 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-09 16:29 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-09 16:29 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-09 16:29 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-09 16:29 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-09 16:29 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-09 16:29 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-09 16:29 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-09 16:29 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-09 16:29 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-09 16:29 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-09 16:29 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-09 16:29 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-09 16:29 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-09 16:29 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-09 16:29 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-09 16:29 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-09 16:29 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-09 16:29 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-09 16:29 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-09 16:29 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-09 16:29 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-09 16:29 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-09 16:29 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-09 16:29 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-09 16:29 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-09 16:29 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-09 16:29 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-09 16:29 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-09 16:29 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-09 16:29 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-09 16:29 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-09 16:29 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-09 16:29 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-09 16:29 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-09 16:29 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-09 16:29 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-09 16:29 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-09 16:29 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-09 16:29 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-09 16:29 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-09 16:29 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-09 16:29 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-09 16:29 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-09 16:29 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-09 16:29 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-09 16:29 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-09 16:29 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-09 16:29 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-09 16:29 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-09 16:29 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-09 16:29 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-09 16:29 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-09 16:29 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-09 16:29 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-09 16:29 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-09 16:29 - 2017-04-16 04:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-09 16:29 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-09 16:29 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-09 16:29 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-09 16:29 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-09 16:29 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-09 16:29 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-09 16:29 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-09 16:29 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-09 16:29 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-09 16:29 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-09 16:29 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-09 16:29 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-09 16:29 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-09 16:29 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-09 16:29 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-09 16:29 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-09 16:29 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-09 16:29 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-09 16:29 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-09 16:29 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-09 16:29 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-09 16:29 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-09 16:29 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-09 16:29 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-09 16:29 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-09 16:29 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-09 16:29 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-09 16:29 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-09 16:29 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-09 16:29 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-09 16:29 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-09 16:29 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-09 16:29 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-09 16:29 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-09 16:29 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-09 16:29 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-09 16:29 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-09 16:29 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-09 16:29 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-09 16:29 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-09 16:29 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-09 16:29 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-09 16:29 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-09 16:29 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-09 16:29 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-09 16:29 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-09 16:29 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-09 16:29 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-09 16:29 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-09 16:29 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-09 16:29 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-09 16:29 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-09 16:29 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-09 16:29 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-09 16:29 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-09 16:29 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-09 16:29 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-09 16:29 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-09 16:29 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-09 16:29 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-09 16:29 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-09 16:29 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-09 16:29 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-09 16:29 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-09 16:29 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-09 16:29 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-09 16:29 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-09 10:41 - 2017-05-09 10:41 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-05-09 10:41 - 2017-05-09 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-05-09 10:39 - 2017-05-09 10:41 - 00000000 ____D C:\Program Files\iTunes
2017-05-09 10:39 - 2017-05-09 10:39 - 00000000 ____D C:\Program Files\iPod
2017-05-09 10:37 - 2017-05-09 10:37 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-05-09 10:37 - 2017-05-09 10:37 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-05-09 10:36 - 2017-05-09 10:36 - 00000000 ____D C:\Program Files\Bonjour
2017-05-09 10:36 - 2017-05-09 10:36 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-05-09 10:31 - 2017-05-09 10:31 - 00072216 _____ C:\Users\Home Dena\Downloads\Newsletter Editor.pdf
2017-05-09 10:26 - 2017-05-09 10:27 - 257659208 _____ (Apple Inc.) C:\Users\Home Dena\Downloads\iTunes64Setup.exe
2017-04-21 16:54 - 2017-04-21 16:54 - 00000252 _____ C:\Users\Home Dena\Documents\maxresdefault.jpg (JPEG Image, 1280 × 720 pixels) - Scaled (92%).URL
2017-04-21 16:53 - 2017-04-21 16:53 - 00000288 _____ C:\Users\Home Dena\Documents\01-cat-wants-to-tell-you-laptop.jpg (JPEG Image, 2400 × 1600 pixels) - Scaled (47%).URL
2017-04-21 16:35 - 2017-04-21 16:35 - 00000357 _____ C:\Users\Home Dena\Documents\Nyan_cat_6120x2400_by_norbi9696-d4162a4.png (PNG Image, 6120 × 2400 pixels) - Scaled (19%).URL
2017-04-19 15:48 - 2017-04-19 15:48 - 00045482 _____ C:\Users\Home Dena\Downloads\Untitleddocument.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-19 16:48 - 2014-02-06 17:11 - 00000000 ____D C:\Users\Home Dena\AppData\Local\NPE
2017-05-19 16:33 - 2016-11-16 21:12 - 00000000 ____D C:\Users\Home Dena\AppData\LocalLow\Mozilla
2017-05-19 16:30 - 2016-05-23 15:56 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-05-19 16:30 - 2016-05-23 15:56 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-05-19 16:23 - 2015-08-02 14:03 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-19 15:10 - 2011-08-05 20:55 - 00000000 ____D C:\Users\Home Dena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2017-05-19 15:10 - 2010-04-28 09:22 - 00000000 ____D C:\ProgramData\Norton
2017-05-19 15:09 - 2011-08-05 20:55 - 00000000 ____D C:\Users\Public\Downloads\Norton
2017-05-19 14:56 - 2016-02-15 17:45 - 00000000 ____D C:\Users\Home Dena\AppData\Roaming\Skype
2017-05-19 14:55 - 2012-06-22 20:00 - 00000000 ____D C:\Users\Home Dena\AppData\Local\Spotify
2017-05-19 14:55 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-19 14:55 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-19 14:47 - 2012-06-22 20:00 - 00000000 ____D C:\Users\Home Dena\AppData\Roaming\Spotify
2017-05-19 14:46 - 2011-08-05 21:05 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2017-05-19 14:42 - 2015-10-02 07:37 - 00000000 ___RD C:\Users\Home Dena\iCloudDrive
2017-05-19 14:42 - 2015-07-08 07:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2017-05-19 14:42 - 2014-01-07 16:04 - 00000000 ____D C:\Temp
2017-05-19 14:42 - 2011-08-05 21:05 - 00002215 _____ C:\Users\Public\Desktop\Norton 360.lnk
2017-05-19 14:41 - 2013-07-27 16:31 - 00000424 ____H C:\Windows\Tasks\schedule!3036567561.job
2017-05-19 14:41 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-19 14:40 - 2014-04-23 20:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-19 14:38 - 2014-04-23 16:43 - 00000518 _____ C:\Windows\wininit.ini
2017-05-19 14:37 - 2011-08-05 21:05 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2017-05-19 14:37 - 2011-08-05 21:05 - 00008339 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2017-05-19 14:32 - 2010-04-28 08:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-19 13:57 - 2012-07-10 09:32 - 00000000 ____D C:\Users\Home Dena\AppData\Local\CrashDumps
2017-05-19 13:54 - 2014-05-11 10:59 - 00000000 ____D C:\Users\Home Dena\AppData\Roaming\Wondershare
2017-05-19 13:15 - 2015-02-13 08:16 - 00007891 _____ C:\Windows\BRRBCOM.INI
2017-05-19 13:11 - 2011-06-23 18:56 - 00000000 ____D C:\Users\Home Dena\Documents\DENA
2017-05-18 15:18 - 2016-11-15 22:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-16 22:51 - 2016-05-23 15:56 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-11 18:55 - 2016-06-14 11:27 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 18:55 - 2016-06-14 11:27 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-10 12:52 - 2012-12-26 11:59 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-10 12:52 - 2012-12-26 11:59 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 12:52 - 2012-12-26 11:59 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 12:52 - 2012-08-02 19:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-10 12:52 - 2010-04-28 08:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-10 11:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-10 05:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-10 03:41 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-10 03:34 - 2009-07-14 00:45 - 00356328 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-10 03:33 - 2012-12-28 21:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-10 03:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 03:12 - 2014-02-26 04:04 - 00774632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-10 03:09 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2017-05-10 03:03 - 2012-07-22 19:03 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-09 10:39 - 2015-02-11 21:14 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2017-05-09 10:39 - 2012-09-06 18:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-05-09 10:37 - 2012-09-06 18:05 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-05-06 15:31 - 2015-01-02 18:28 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 16:29 - 2014-12-09 08:54 - 00000000 ___RD C:\Users\Home Dena\Dropbox
2017-05-01 09:19 - 2015-11-29 16:40 - 00000000 ____D C:\Users\Home Dena\Documents\MATT HOMEWORK
2017-04-30 10:17 - 2011-04-30 10:27 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2017-04-28 01:31 - 2011-08-23 11:13 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 01:31 - 2011-08-23 11:13 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-08-10 14:31 - 2013-08-10 14:31 - 0003715 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-12-09 15:33 - 2014-12-09 15:33 - 0000042 _____ () C:\Users\Home Dena\AppData\Roaming\WB.CFG
2012-10-10 20:19 - 2016-12-31 13:23 - 0026064 _____ () C:\Users\Home Dena\AppData\Roaming\wklnhst.dat
2014-05-06 16:27 - 2017-03-01 16:29 - 0007604 _____ () C:\Users\Home Dena\AppData\Local\Resmon.ResmonCfg
2012-04-13 11:02 - 2013-09-08 22:12 - 0007947 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
2013-07-27 16:30 - 2013-03-12 04:59 - 0275552 ___RS (Tarma Software Research Pty Ltd) C:\Users\Home Dena\AppData\Local\Temp\Tsu8E3881FC.dll
2006-05-24 13:10 - 2006-05-24 13:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Home Dena\AppData\Local\Temp\_is5B53.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\p2pcollab.dll
C:\Windows\System32\rdpdd.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-03 19:53

==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:15 PM

Posted 21 May 2017 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
Interenet Optimizer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}) (Version: - GreatSoft) <==== ATTENTION
Unity Web Player (HKU\S-1-5-21-1210817248-1952507549-581455099-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => No File
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe (No File)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM -> {FC7E54E2-F0BE-46BE-8B92-61FD6E612386} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {FC7E54E2-F0BE-46BE-8B92-61FD6E612386} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.9.3.13&locale=en_US&guid=E8B050BD-7336-11E0-B300-78E7D1C49378&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-08-10]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1210817248-1952507549-581455099-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home Dena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
CHR Extension: (Norton Security Toolbar) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
S3 BrotherWirelessSetupService; C:\Users\Home Dena\Downloads\install\wlan_wiz\wlan_assistant\waw.exe -s [X]
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160615.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160615.009\EX64.SYS [X]
Task: {DD509224-9BFE-46F0-A016-E1311E675352} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe  <==== ATTENTION
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe K/schedule /profile c:\programdata\bettersoft\optimizerpro\3036567561.ini <==== ATTENTION
C:\Windows\System32\Tasks\schedule!3036567561
C:\ProgramData\BetterSoft\OptimizerPro
C:\Windows\Tasks\schedule!3036567561.job

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
===

Please post the logs and let me know what problem persists with this computer.

#3 denamcelwain

denamcelwain
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 22 May 2017 - 03:43 PM

Thank you so much. So first of all, I was not able to delete Interenet Optimizer at all from control panel/programs/ . It says  "there was a problem starting that file .. module could not be found". But i removed unity webplayer. Then I kept moving forward . Ran FRST then got the fixlog for that here: (also attached it as as file as well) 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Home Dena (22-05-2017 14:54:43) Run:1
Running from C:\Users\Home Dena\Desktop
Loaded Profiles: Home Dena (Available Profiles: Home Dena)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => No File
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe (No File)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
URL =
SearchScopes: HKLM -> {FC7E54E2-F0BE-46BE-8B92-61FD6E612386} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {FC7E54E2-F0BE-46BE-8B92-61FD6E612386} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.9.3.13&locale=en_US&guid=E8B050BD-7336-11E0-B300-78E7D1C49378&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name -
{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-08-10]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1210817248-1952507549-581455099-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home Dena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
CHR Extension: (Norton Security Toolbar) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
[2017-05-12]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
S3 BrotherWirelessSetupService; C:\Users\Home Dena\Downloads\install\wlan_wiz\wlan_assistant\waw.exe -s [X]
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160615.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160615.009\EX64.SYS [X]
Task: {DD509224-9BFE-46F0-A016-E1311E675352} -
System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe  <==== ATTENTION
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe K/schedule /profile c:\programdata\bettersoft\optimizerpro\3036567561.ini <==== ATTENTION
C:\Windows\System32\Tasks\schedule!3036567561
C:\ProgramData\BetterSoft\OptimizerPro
C:\Windows\Tasks\schedule!3036567561.job
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\PROGRA~3\INTERE~1\INTERE~2.DLL" => Value data removed successfully.
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => value not found.
URL = => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC7E54E2-F0BE-46BE-8B92-61FD6E612386} => key removed successfully
HKCR\CLSID\{FC7E54E2-F0BE-46BE-8B92-61FD6E612386} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FC7E54E2-F0BE-46BE-8B92-61FD6E612386} => key removed successfully
HKCR\Wow6432Node\CLSID\{FC7E54E2-F0BE-46BE-8B92-61FD6E612386} => key not found. 
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - => key not found. 
{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File => Error: No automatic fix found for this entry.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => key not found. 
C:\Users\Home Dena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => moved successfully
C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
CHR Extension: (Chrome Media Router) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found
[2017-05-12] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => key removed successfully
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => key removed successfully
HKLM\System\CurrentControlSet\Services\BrotherWirelessSetupService => key removed successfully
BrotherWirelessSetupService => service removed successfully
HKLM\System\CurrentControlSet\Services\HP Health Check Service => key removed successfully
HP Health Check Service => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {DD509224-9BFE-46F0-A016-E1311E675352} - => key not found. 
System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe  <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\Tasks\schedule!3036567561.job => moved successfully
C:\Windows\System32\Tasks\schedule!3036567561 => moved successfully
"C:\ProgramData\BetterSoft\OptimizerPro" => not found.
"C:\Windows\Tasks\schedule!3036567561.job" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7139531 B
Java, Flash, Steam htmlcache => 609 B
Windows/system/drivers => 88986 B
Edge => 0 B
Chrome => 61044254 B
Firefox => 36308811 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36082531 B
systemprofile32 => 71744 B
LocalService => 132244 B
NetworkService => 92388 B
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-05-2017 14:56:40)
 
==> ATTENTION: ATTENTION: System is not rebooted.
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
 
==== End of Fixlog 14:56:40 ====
 

 

THEN I continued on and ran a Malwarebytes Anti Malware scan and it fixed a few items.  I got the  log for that here (also attached it as a file as well)  . Computer prompted to shutdown and restart so i did.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/22/17
Scan Time: 3:03 PM
Log File: export malware bytes scan 5 22 2017.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1996
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HomeDena-HP\Home Dena
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391145
Threats Detected: 27
Threats Quarantined: 25
Time Elapsed: 16 min, 21 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 6
PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [3839], [169016],1.0.1996
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [3839], [169016],1.0.1996
PUP.Optional.ConduitTB.Gen, HKCR\\Toolbar.CT3196716, Delete-on-Reboot, [11658], [234010],1.0.1996
PUP.Optional.BetterSoft, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\schedule!3036567561, Quarantined, [3659], [245579],1.0.1996
PUP.Optional.InstallCore, HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\InstallCore, Quarantined, [3], [239563],1.0.1996
PUP.Optional.Conduit, HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [563], [236861],1.0.1996
 
Registry Value: 2
PUP.Optional.MindSpark, HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, Quarantined, [271], [168501],1.0.1996
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, Quarantined, [7925], [232752],1.0.1996
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 8
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-Stub, Quarantined, [9495], [175062],1.0.1996
PUP.Optional.SaveLoots, C:\PROGRAMDATA\SaveLootS, Quarantined, [12370], [179316],1.0.1996
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NGCCKPDLCPNKBKKLDJNJPEHHFBNANNJH, Quarantined, [267], [233502],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\PROGRAM FILES (X86)\AskPartnerNetwork, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.SaveLoots, C:\PROGRAM FILES (X86)\SaveLootS, Quarantined, [12370], [179317],1.0.1996
PUP.Optional.Conduit, C:\USERS\HOME DENA\APPDATA\LOCALLOW\CONDUIT, Quarantined, [563], [182117],1.0.1996
 
File: 11
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NGCCKPDLCPNKBKKLDJNJPEHHFBNANNJH\LSDB.JS, Quarantined, [267], [233502],1.0.1996
PUP.Optional.MultiPlug, C:\ProgramData\ngcckpdlcpnkbkkldjnjpehhfbnannjh\background.html, Quarantined, [267], [233502],1.0.1996
PUP.Optional.MultiPlug, C:\ProgramData\ngcckpdlcpnkbkkldjnjpehhfbnannjh\content.js, Quarantined, [267], [233502],1.0.1996
PUP.Optional.MultiPlug, C:\ProgramData\ngcckpdlcpnkbkkldjnjpehhfbnannjh\manifest.json, Quarantined, [267], [233502],1.0.1996
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NTUSER.POL, Removal Failed, [267], [-1],0.0.0
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe, Quarantined, [9495], [175065],1.0.1996
Adware.Agent, C:\USERS\HOME DENA\APPDATA\LOCAL\TEMP\{A53CC082-DE43-479C-A577-96617EDFE274}\CUSTOM.DLL, Removal Failed, [246], [46449],1.0.1996
PUP.Optional.Ilivid, C:\USERS\HOME DENA\VIDEOS\ILIVIDSETUP-R504-N-BU.EXE, Quarantined, [3556], [56018],1.0.1996
PUP.Optional.ASK, C:\USERS\HOME DENA\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\SEARCH_ASK.COM.XML, Quarantined, [510], [339227],1.0.1996
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 

 

 

Then ran AdwCleaner and it fixed a few items. Got the log for that here too (also attached it as a file too) . It then prompted shutdown and restart before i could runlean i AdwCleaner so i did, then restarted computer and then  hit clean on Adw Cleaner

 

# AdwCleaner v6.047 - Logfile created 22/05/2017 at 15:57:06
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-22.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Home Dena - HOMEDENA-HP
# Running from : C:\Users\Home Dena\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\2f162024cc037f24
[-] Folder deleted: C:\ProgramData\CouPExToeNsaionn
[-] Folder deleted: C:\Users\Home Dena\AppData\LocalLow\wiseconvert
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\Ask
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Ask
[-] Folder deleted: C:\Program Files (x86)\Vaudix
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
 
 
***** [ Files ] *****
 
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetup-r504-n-bf.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\.bgl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\.bgl
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\ilivid
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Winferno
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\AppDataLow\Software\Toolbar
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\ilivid
[#] Key deleted on reboot: HKCU\Software\Winferno
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Toolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\SP Global
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\ilivid
[#] Key deleted on reboot: [x64] HKCU\Software\Winferno
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [7856 Bytes] - [22/05/2017 15:57:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [7802 Bytes] - [22/05/2017 15:52:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [7872 Bytes] - [22/05/2017 15:55:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8075 Bytes] ##########
 

 

 

Shutdown and rebooted again; updated java. I also restarted after that then disabled java in browsers then rebooted again. 

 

Checked control panel/features to see if old version of java were deleted and they were. The Interenet Optimizer is still showing there and will not let me delete. 

 

 

Advise? Thank you so much.    

 

 



#4 denamcelwain

denamcelwain
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 22 May 2017 - 03:43 PM

Thank you so much. So first of all, I was not able to delete Interenet Optimizer at all from control panel/programs/ . It says  "there was a problem starting that file .. module could not be found". But i removed unity webplayer. Then I kept moving forward . Ran FRST then got the fixlog for that here: (also attached it as as file as well) 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Home Dena (22-05-2017 14:54:43) Run:1
Running from C:\Users\Home Dena\Desktop
Loaded Profiles: Home Dena (Available Profiles: Home Dena)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => No File
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe (No File)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
URL =
SearchScopes: HKLM -> {FC7E54E2-F0BE-46BE-8B92-61FD6E612386} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {FC7E54E2-F0BE-46BE-8B92-61FD6E612386} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22.9.3.13&locale=en_US&guid=E8B050BD-7336-11E0-B300-78E7D1C49378&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name -
{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2013-08-10]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1210817248-1952507549-581455099-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home Dena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
CHR Extension: (Norton Security Toolbar) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
[2017-05-12]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
S3 BrotherWirelessSetupService; C:\Users\Home Dena\Downloads\install\wlan_wiz\wlan_assistant\waw.exe -s [X]
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160615.009\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160615.009\EX64.SYS [X]
Task: {DD509224-9BFE-46F0-A016-E1311E675352} -
System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe  <==== ATTENTION
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe K/schedule /profile c:\programdata\bettersoft\optimizerpro\3036567561.ini <==== ATTENTION
C:\Windows\System32\Tasks\schedule!3036567561
C:\ProgramData\BetterSoft\OptimizerPro
C:\Windows\Tasks\schedule!3036567561.job
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\PROGRA~3\INTERE~1\INTERE~2.DLL" => Value data removed successfully.
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => value not found.
URL = => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC7E54E2-F0BE-46BE-8B92-61FD6E612386} => key removed successfully
HKCR\CLSID\{FC7E54E2-F0BE-46BE-8B92-61FD6E612386} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{FC7E54E2-F0BE-46BE-8B92-61FD6E612386} => key removed successfully
HKCR\Wow6432Node\CLSID\{FC7E54E2-F0BE-46BE-8B92-61FD6E612386} => key not found. 
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-1210817248-1952507549-581455099-1001 -> No Name - => key not found. 
{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File => Error: No automatic fix found for this entry.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => key not found. 
C:\Users\Home Dena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => moved successfully
C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
CHR Extension: (Chrome Media Router) - C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => not found
[2017-05-12] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => key removed successfully
HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => key removed successfully
HKLM\System\CurrentControlSet\Services\BrotherWirelessSetupService => key removed successfully
BrotherWirelessSetupService => service removed successfully
HKLM\System\CurrentControlSet\Services\HP Health Check Service => key removed successfully
HP Health Check Service => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {DD509224-9BFE-46F0-A016-E1311E675352} - => key not found. 
System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe  <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\Tasks\schedule!3036567561.job => moved successfully
C:\Windows\System32\Tasks\schedule!3036567561 => moved successfully
"C:\ProgramData\BetterSoft\OptimizerPro" => not found.
"C:\Windows\Tasks\schedule!3036567561.job" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7139531 B
Java, Flash, Steam htmlcache => 609 B
Windows/system/drivers => 88986 B
Edge => 0 B
Chrome => 61044254 B
Firefox => 36308811 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36082531 B
systemprofile32 => 71744 B
LocalService => 132244 B
NetworkService => 92388 B
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 22-05-2017 14:56:40)
 
==> ATTENTION: ATTENTION: System is not rebooted.
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.
 
==== End of Fixlog 14:56:40 ====
 

 

THEN I continued on and ran a Malwarebytes Anti Malware scan and it fixed a few items.  I got the  log for that here (also attached it as a file as well)  . Computer prompted to shutdown and restart so i did.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/22/17
Scan Time: 3:03 PM
Log File: export malware bytes scan 5 22 2017.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1996
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HomeDena-HP\Home Dena
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391145
Threats Detected: 27
Threats Quarantined: 25
Time Elapsed: 16 min, 21 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 6
PUP.Optional.WeCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [3839], [169016],1.0.1996
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [3839], [169016],1.0.1996
PUP.Optional.ConduitTB.Gen, HKCR\\Toolbar.CT3196716, Delete-on-Reboot, [11658], [234010],1.0.1996
PUP.Optional.BetterSoft, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\schedule!3036567561, Quarantined, [3659], [245579],1.0.1996
PUP.Optional.InstallCore, HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\InstallCore, Quarantined, [3], [239563],1.0.1996
PUP.Optional.Conduit, HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [563], [236861],1.0.1996
 
Registry Value: 2
PUP.Optional.MindSpark, HKU\S-1-5-21-1210817248-1952507549-581455099-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}, Quarantined, [271], [168501],1.0.1996
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, Quarantined, [7925], [232752],1.0.1996
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 8
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-Stub, Quarantined, [9495], [175062],1.0.1996
PUP.Optional.SaveLoots, C:\PROGRAMDATA\SaveLootS, Quarantined, [12370], [179316],1.0.1996
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NGCCKPDLCPNKBKKLDJNJPEHHFBNANNJH, Quarantined, [267], [233502],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\PROGRAM FILES (X86)\AskPartnerNetwork, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.SaveLoots, C:\PROGRAM FILES (X86)\SaveLootS, Quarantined, [12370], [179317],1.0.1996
PUP.Optional.Conduit, C:\USERS\HOME DENA\APPDATA\LOCALLOW\CONDUIT, Quarantined, [563], [182117],1.0.1996
 
File: 11
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NGCCKPDLCPNKBKKLDJNJPEHHFBNANNJH\LSDB.JS, Quarantined, [267], [233502],1.0.1996
PUP.Optional.MultiPlug, C:\ProgramData\ngcckpdlcpnkbkkldjnjpehhfbnannjh\background.html, Quarantined, [267], [233502],1.0.1996
PUP.Optional.MultiPlug, C:\ProgramData\ngcckpdlcpnkbkkldjnjpehhfbnannjh\content.js, Quarantined, [267], [233502],1.0.1996
PUP.Optional.MultiPlug, C:\ProgramData\ngcckpdlcpnkbkkldjnjpehhfbnannjh\manifest.json, Quarantined, [267], [233502],1.0.1996
PUP.Optional.MultiPlug, C:\PROGRAMDATA\NTUSER.POL, Removal Failed, [267], [-1],0.0.0
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe, Quarantined, [9495], [175065],1.0.1996
PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe, Quarantined, [9495], [175065],1.0.1996
Adware.Agent, C:\USERS\HOME DENA\APPDATA\LOCAL\TEMP\{A53CC082-DE43-479C-A577-96617EDFE274}\CUSTOM.DLL, Removal Failed, [246], [46449],1.0.1996
PUP.Optional.Ilivid, C:\USERS\HOME DENA\VIDEOS\ILIVIDSETUP-R504-N-BU.EXE, Quarantined, [3556], [56018],1.0.1996
PUP.Optional.ASK, C:\USERS\HOME DENA\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\SEARCH_ASK.COM.XML, Quarantined, [510], [339227],1.0.1996
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 

 

 

Then ran AdwCleaner and it fixed a few items. Got the log for that here too (also attached it as a file too) . It then prompted shutdown and restart before i could runlean i AdwCleaner so i did, then restarted computer and then  hit clean on Adw Cleaner

 

# AdwCleaner v6.047 - Logfile created 22/05/2017 at 15:57:06
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-22.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Home Dena - HOMEDENA-HP
# Running from : C:\Users\Home Dena\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\2f162024cc037f24
[-] Folder deleted: C:\ProgramData\CouPExToeNsaionn
[-] Folder deleted: C:\Users\Home Dena\AppData\LocalLow\wiseconvert
[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\Ask
[#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Ask
[-] Folder deleted: C:\Program Files (x86)\Vaudix
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
 
 
***** [ Files ] *****
 
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetup-r504-n-bf.exe
[-] Key deleted: HKLM\SOFTWARE\Classes\.bgl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\.bgl
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\ilivid
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Winferno
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\AppDataLow\Software\Toolbar
[-] Key deleted: HKU\S-1-5-21-1210817248-1952507549-581455099-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\ilivid
[#] Key deleted on reboot: HKCU\Software\Winferno
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Toolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key deleted: HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\SP Global
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\ilivid
[#] Key deleted on reboot: [x64] HKCU\Software\Winferno
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Home Dena\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [7856 Bytes] - [22/05/2017 15:57:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [7802 Bytes] - [22/05/2017 15:52:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [7872 Bytes] - [22/05/2017 15:55:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8075 Bytes] ##########
 

 

 

Shutdown and rebooted again; updated java. I also restarted after that then disabled java in browsers then rebooted again. 

 

Checked control panel/features to see if old version of java were deleted and they were. The Interenet Optimizer is still showing there and will not let me delete. 

 

 

Advise? Thank you so much.    

 

 

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:15 PM

Posted 23 May 2017 - 07:21 AM


I was not able to delete Interenet Optimizer at all from control panel/programs/ . It says "there was a problem starting that file .. module could not be found"

The program was removed previously. What we are seeing is a remnant item in the registry. Nothing can come of it.

If you wish to remove it from the Program list follow the instructions on this page.
https://support.microsoft.com/en-ie/help/247501/how-to-manually-remove-programs-from-the-add-remove-programs-list
===

Has your problem been solved?

#6 denamcelwain

denamcelwain
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 23 May 2017 - 07:43 AM

Yes it seems to be resolved - ran another norton scan then malearebytes and also adwcleaner and they found nothing additional. Thank you !!!!

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:15 PM

Posted 23 May 2017 - 07:48 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users