
Possible undetected malware; Firefox memory leak and drain of system resources


  • This topic is locked
52 replies to this topic

#1 sbutk1

Posted 13 March 2018 - 10:55 AM

[FRST scan info follows post]

 

Hello,

 

After receiving initial help from various users in the Bleeping Computer forums, I’ve been instructed to post here for further assistance.  I’m not 100 percent certain that I have a malware infection; but I’m hoping from the information I’m posting, someone will be able to help decipher the symptoms and warning signs that have been plaguing my computer lately.

 

The problems I’m referring to seem to have arisen around the time that Firefox v. 57.0 (Quantum) was rolled out.  Invariably after utilizing my browser for some period of time, it seems that my CPU gets bogged down; Memory Usage shoots through the roof; and the system becomes so sluggish and unresponsive that it’s rendered all but unusable.

 

A termination of Firefox with Task Manager will free up system resources enough such that the system operates somewhat normally again; but upon reopening Firefox to resume my work, the cycle inevitably repeats itself.

 

In fact, this memory leakage while using Firefox seems to eventually hog system resources to the point that simple copy-and-paste operations into MS Word; browsing to folders within Windows Explorer; typing lags; and other basic operations such as saving can take a painfully long time to complete.  I have seen the dreaded “Not Responding” header at the top of multiple applications far too often.  This leads me to believe that my system has a tendency to become dangerously short on resources, and even the most mundane of tasks seem to take forever.

 

Scans with both Webroot Internet Security Complete and Malwarebytes declare my system to be clean, although the possibility probably remains that I have undetected malware.  Windows Memory Diagnostic Tool checks out too.

 

On the advice of other helpers on Bleeping Computer, I’ve also performed scans with MiniToolbox, Speccy, SeaTools, and sfc /scannow.  To my own untrained eye, none of those has proven to be a smoking gun, but the results of any or all of those scans can be provided upon request.

 

 

 

Results from running Farbar Recovery Scan Tool (FRST) are as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.03.2018

Ran by Steve (administrator) on STEVE-PC (09-03-2018 14:26:02)

Running from C:\Users\Steve\Downloads

Loaded Profiles: Steve (Available Profiles: Steve)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Webroot) C:\Program Files\Webroot\WRSA.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe

() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe

(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe

(Webroot) C:\Program Files\Webroot\WRSA.exe

(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot

HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-12-01] (Symantec Corporation)

HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [1253368 2018-02-01] (Webroot)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-02-26] (Dropbox, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-760699709-3465939181-808897853-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)

HKU\S-1-5-21-760699709-3465939181-808897853-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1422248 2018-02-08] (Garmin Ltd. or its subsidiaries)

HKU\S-1-5-21-760699709-3465939181-808897853-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1422248 2018-02-08] (Garmin Ltd. or its subsidiaries)

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-05-02]

ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-05-02]

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{4045AEEE-7EBD-4F06-8ADD-796C11F3457E}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{7C07788E-3C87-49B9-A02C-9DC3A139A32E}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.6.0.32

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.6.0.32

HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.6.0.32

HKU\S-1-5-21-760699709-3465939181-808897853-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-760699709-3465939181-808897853-1000 -> DefaultScope {D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D} URL =

SearchScopes: HKU\S-1-5-21-760699709-3465939181-808897853-1000 -> {D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D} URL =

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-07-30] (RealDownloader)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-31] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2017-05-02] (Webroot)

BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2018-02-13] (Webroot)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-31] (Oracle Corporation)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-07-30] (RealDownloader)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2017-05-02] (Webroot)

BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2018-02-13] (Webroot)

Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2017-05-02] (Webroot)

Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2017-05-02] (Webroot)

 

FireFox:

========

FF DefaultProfile: sy21f17k.default-1483740629339-1511191350448

FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\obiafvk2.Steve recover [2018-03-09]

FF Session Restore: Mozilla\Firefox\Profiles\obiafvk2.Steve recover -> is enabled.

FF Extension: (Webroot Password Manager) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\obiafvk2.Steve recover\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2017-05-02]

FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448 [2018-03-09]

FF Homepage: Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448 -> moz-extension://96e9bd96-17e1-4224-b382-96aab6b6bd6f/newtab/newtab.html

FF Session Restore: Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448 -> is enabled.

FF NewTabOverride: Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448 -> Disabled: web@Converter

FF Extension: (All Tabs Helper) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\alltabshelper@alltabshelper.org.xpi [2017-12-05]

FF Extension: (Flash Video Downloader) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\artur.dubovoy@gmail.com.xpi [2018-03-04]

FF Extension: (The Camelizer) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\izer@camelcamelcamel.com.xpi [2018-01-06]

FF Extension: (Tab Session Manager) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\Tab-Session-Manager@sienori.xpi [2018-03-05]

FF Extension: (Converter) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\web@Converter.xpi [2017-11-27]

FF Extension: (Download all Images) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2018-02-26]

FF Extension: (NoScript) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-02-08]

FF Extension: (Unload Tab) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\{b3fdb2a9-f31a-4f12-b7b3-085aba679868}.xpi [2017-12-20]

FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon => not found

FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_WEBEX

FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_WEBEX [2018-02-13]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-19] [Legacy] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()

FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-31] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-31] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-09-19] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-07-30] (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-09-19] (RealPlayer Cloud)

FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)

 

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)

R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-02-26] (Dropbox, Inc.)

R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2017-12-14] (Dell Inc.)

R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294608 2017-12-14] (Dell Inc.)

R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2017-12-14] (Dell Inc.)

S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-29] (Symantec Corporation)

R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1162768 2018-02-08] (Garmin Ltd. or its subsidiaries)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-29] (Symantec)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()

R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-19] (RealNetworks, Inc.)

R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]

S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-29] (Symantec Corporation)

R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [41432 2018-02-14] (Dell Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [1253368 2018-02-01] (Webroot)

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)

R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)

R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [31040 2014-04-29] (EldoS Corporation)

R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [144256 2018-01-09] (Webroot)

S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [68384 2018-02-01] (Webroot)

S3 dbx; system32\DRIVERS\dbx.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-03-09 14:27 - 2018-03-09 14:27 - 000003362 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-760699709-3465939181-808897853-1000

2018-03-09 14:27 - 2018-03-09 14:27 - 000003228 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-760699709-3465939181-808897853-1000

2018-03-09 14:26 - 2018-03-09 14:31 - 000021335 _____ C:\Users\Steve\Downloads\FRST.txt

2018-03-09 14:25 - 2018-03-09 14:26 - 000000000 ____D C:\FRST

2018-03-09 13:43 - 2018-03-09 13:43 - 002403328 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe

2018-03-04 16:14 - 2018-03-04 16:14 - 000132293 _____ C:\Users\Steve\Downloads\Gen'l Fund 2018.xlsx

2018-03-03 23:30 - 2018-03-03 23:31 - 000689873 _____ C:\Users\Steve\Downloads\dekorte-trail-guide-11-2016-lr.pdf

2018-03-03 21:21 - 2018-03-03 21:21 - 003267590 _____ C:\Users\Steve\Downloads\March Newsletter 2018.pdf

2018-03-02 15:56 - 2018-03-02 15:57 - 000000000 ____D C:\Users\Steve\Downloads\From Jim Harding 2018.03.02, DeKorte

2018-02-28 15:32 - 2018-02-28 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2018-02-26 06:24 - 2018-02-26 06:24 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe

2018-02-26 06:24 - 2018-02-26 06:24 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys

2018-02-26 06:24 - 2018-02-26 06:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys

2018-02-26 06:24 - 2018-02-26 06:24 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

2018-02-22 16:01 - 2018-02-22 16:01 - 000003808 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AnonymousRegistration

2018-02-17 09:41 - 2018-02-17 09:42 - 008370206 _____ C:\Users\Steve\Downloads\internet_research_agency_indictment.pdf

2018-02-16 11:38 - 2018-02-16 11:38 - 000531845 _____ C:\Users\Steve\Downloads\PFTL5258.0-146014.pdf

2018-02-15 13:35 - 2018-02-15 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2018-02-14 11:09 - 2018-02-10 14:52 - 000395928 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2018-02-14 11:09 - 2018-02-10 14:03 - 000347296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2018-02-14 11:09 - 2018-02-10 03:44 - 025740288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2018-02-14 11:09 - 2018-02-10 02:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2018-02-14 11:09 - 2018-02-10 02:29 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2018-02-14 11:09 - 2018-02-10 02:19 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2018-02-14 11:09 - 2018-02-10 02:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2018-02-14 11:09 - 2018-02-10 02:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2018-02-14 11:09 - 2018-02-10 02:16 - 000577536 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2018-02-14 11:09 - 2018-02-10 02:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2018-02-14 11:09 - 2018-02-10 02:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2018-02-14 11:09 - 2018-02-10 02:09 - 005782016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2018-02-14 11:09 - 2018-02-10 02:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2018-02-14 11:09 - 2018-02-10 02:06 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2018-02-14 11:09 - 2018-02-10 02:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2018-02-14 11:09 - 2018-02-10 02:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2018-02-14 11:09 - 2018-02-10 02:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2018-02-14 11:09 - 2018-02-10 02:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2018-02-14 11:09 - 2018-02-10 01:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2018-02-14 11:09 - 2018-02-10 01:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2018-02-14 11:09 - 2018-02-10 01:52 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2018-02-14 11:09 - 2018-02-10 01:48 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2018-02-14 11:09 - 2018-02-10 01:46 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2018-02-14 11:09 - 2018-02-10 01:36 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2018-02-14 11:09 - 2018-02-10 01:36 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2018-02-14 11:09 - 2018-02-10 01:34 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2018-02-14 11:09 - 2018-02-10 01:34 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2018-02-14 11:09 - 2018-02-10 01:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2018-02-14 11:09 - 2018-02-10 01:32 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2018-02-14 11:09 - 2018-02-10 01:27 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2018-02-14 11:09 - 2018-02-10 01:20 - 020274176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2018-02-14 11:09 - 2018-02-10 01:14 - 001546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2018-02-14 11:09 - 2018-02-10 01:08 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2018-02-14 11:09 - 2018-02-10 01:02 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2018-02-14 11:09 - 2018-02-10 00:57 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2018-02-14 11:09 - 2018-02-10 00:57 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2018-02-14 11:09 - 2018-02-10 00:56 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2018-02-14 11:09 - 2018-02-10 00:54 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2018-02-14 11:09 - 2018-02-10 00:52 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2018-02-14 11:09 - 2018-02-10 00:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2018-02-14 11:09 - 2018-02-10 00:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2018-02-14 11:09 - 2018-02-10 00:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2018-02-14 11:09 - 2018-02-10 00:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2018-02-14 11:09 - 2018-02-10 00:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2018-02-14 11:09 - 2018-02-10 00:42 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2018-02-14 11:09 - 2018-02-10 00:39 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2018-02-14 11:09 - 2018-02-10 00:38 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2018-02-14 11:09 - 2018-02-10 00:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2018-02-14 11:09 - 2018-02-10 00:35 - 004498944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2018-02-14 11:09 - 2018-02-10 00:35 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2018-02-14 11:09 - 2018-02-10 00:35 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2018-02-14 11:09 - 2018-02-10 00:33 - 013680640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2018-02-14 11:09 - 2018-02-10 00:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2018-02-14 11:09 - 2018-02-10 00:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2018-02-14 11:09 - 2018-02-10 00:27 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2018-02-14 11:09 - 2018-02-10 00:26 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2018-02-14 11:09 - 2018-02-10 00:14 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2018-02-14 11:09 - 2018-02-10 00:10 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2018-02-14 11:09 - 2018-02-10 00:08 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2018-02-14 11:09 - 2018-01-12 11:44 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2018-02-14 11:09 - 2018-01-12 11:44 - 001894120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2018-02-14 11:09 - 2018-01-12 11:40 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2018-02-14 11:09 - 2018-01-12 11:40 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2018-02-14 11:09 - 2018-01-12 11:40 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2018-02-14 11:09 - 2018-01-12 11:33 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2018-02-14 11:09 - 2018-01-12 11:29 - 004014312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2018-02-14 11:09 - 2018-01-12 11:29 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2018-02-14 11:09 - 2018-01-12 11:27 - 004834816 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe

2018-02-14 11:09 - 2018-01-11 11:09 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2018-02-14 11:09 - 2017-12-05 12:36 - 001484288 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2018-02-14 11:08 - 2018-02-10 02:17 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2018-02-14 11:08 - 2018-02-10 02:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2018-02-14 11:08 - 2018-02-10 01:51 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2018-02-14 11:08 - 2018-02-10 01:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2018-02-14 11:08 - 2018-02-10 01:45 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2018-02-14 11:08 - 2018-02-10 00:57 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2018-02-14 11:08 - 2018-02-10 00:57 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2018-02-14 11:08 - 2018-02-10 00:36 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2018-02-14 11:08 - 2018-02-10 00:34 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2018-02-14 11:08 - 2018-01-12 11:46 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2018-02-14 11:08 - 2018-01-12 11:44 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2018-02-14 11:08 - 2018-01-12 11:44 - 000377064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2018-02-14 11:08 - 2018-01-12 11:44 - 000371432 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2018-02-14 11:08 - 2018-01-12 11:44 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2018-02-14 11:08 - 2018-01-12 11:44 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll

2018-02-14 11:08 - 2018-01-12 11:44 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2018-02-14 11:08 - 2018-01-12 11:44 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2018-02-14 11:08 - 2018-01-12 11:40 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:27 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:26 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 11:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe

2018-02-14 11:08 - 2018-01-12 11:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2018-02-14 11:08 - 2018-01-12 11:16 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys

2018-02-14 11:08 - 2018-01-12 11:15 - 000032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2018-02-14 11:08 - 2018-01-12 11:11 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2018-02-14 11:08 - 2018-01-12 11:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2018-02-14 11:08 - 2018-01-12 11:11 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2018-02-14 11:08 - 2018-01-12 11:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2018-02-14 11:08 - 2018-01-12 11:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2018-02-14 11:08 - 2018-01-12 11:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2018-02-14 11:08 - 2018-01-12 11:03 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2018-02-14 11:08 - 2018-01-12 11:02 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2018-02-14 11:08 - 2018-01-12 11:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2018-02-14 11:08 - 2018-01-12 11:02 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2018-02-14 11:08 - 2018-01-12 11:01 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2018-02-14 11:08 - 2018-01-12 11:01 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2018-02-14 11:08 - 2018-01-12 10:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2018-02-14 11:08 - 2018-01-12 10:57 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2018-02-14 11:08 - 2018-01-12 10:57 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2018-02-14 11:08 - 2018-01-12 10:57 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2018-02-14 11:08 - 2018-01-12 10:57 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2018-02-14 11:08 - 2018-01-12 10:56 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 10:56 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 10:56 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2018-02-14 11:08 - 2018-01-12 10:56 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2018-02-14 11:08 - 2018-01-11 11:41 - 001133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll

2018-02-14 11:08 - 2018-01-11 11:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2018-02-14 11:08 - 2018-01-05 11:31 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll

2018-02-14 11:08 - 2018-01-05 11:31 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2018-02-14 11:08 - 2018-01-05 11:30 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2018-02-14 11:08 - 2018-01-05 11:30 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2018-02-14 11:08 - 2018-01-05 11:30 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2018-02-14 11:08 - 2018-01-05 11:25 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2018-02-14 11:08 - 2018-01-05 11:14 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2018-02-14 11:08 - 2018-01-05 11:11 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll

2018-02-14 11:08 - 2018-01-05 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2018-02-14 11:08 - 2018-01-05 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2018-02-14 11:08 - 2018-01-05 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2018-02-14 11:08 - 2018-01-05 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2018-02-14 11:08 - 2017-12-05 12:36 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2018-02-14 11:08 - 2017-12-05 12:36 - 000218112 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll

2018-02-14 11:08 - 2017-12-05 12:36 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2018-02-14 11:08 - 2017-12-05 12:36 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2018-02-14 11:08 - 2017-12-05 12:36 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll

2018-02-14 11:08 - 2017-12-05 12:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2018-02-14 11:08 - 2017-12-05 12:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2018-02-14 11:08 - 2017-12-05 12:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2018-02-14 11:08 - 2017-12-05 12:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll

2018-02-14 11:08 - 2017-12-05 12:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2018-02-14 11:08 - 2017-12-05 11:04 - 000404992 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe

2018-02-14 10:54 - 2018-01-21 18:50 - 000136424 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2018-02-14 10:54 - 2018-01-21 18:40 - 000654336 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2018-02-14 10:54 - 2018-01-19 09:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2018-02-14 10:54 - 2018-01-19 09:05 - 001569280 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2018-02-14 10:54 - 2018-01-19 09:05 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2018-02-14 10:54 - 2018-01-19 09:05 - 000604672 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2018-02-14 10:54 - 2018-01-19 09:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll

2018-02-14 10:54 - 2018-01-19 09:05 - 000378880 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2018-02-14 10:54 - 2018-01-19 09:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2018-02-14 10:54 - 2018-01-19 09:05 - 000236544 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2018-02-13 10:41 - 2017-12-31 21:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2018-02-13 10:41 - 2017-12-31 21:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2018-02-13 10:41 - 2017-12-31 21:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys

2018-02-13 10:41 - 2017-12-31 21:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 001361408 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2018-02-13 10:41 - 2017-12-31 21:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll

2018-02-13 10:41 - 2017-12-31 21:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll

2018-02-13 10:41 - 2017-12-31 21:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe

2018-02-13 10:41 - 2017-12-31 21:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2018-02-13 10:41 - 2017-12-31 21:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll

2018-02-13 10:41 - 2017-12-31 21:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

2018-02-13 10:41 - 2017-12-31 21:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2018-02-13 10:41 - 2017-12-31 21:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll

2018-02-13 10:41 - 2017-12-31 20:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2018-02-13 10:41 - 2017-12-31 20:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2018-02-13 10:41 - 2017-12-31 20:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2018-02-13 10:41 - 2017-12-31 20:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2018-02-13 10:41 - 2017-12-21 01:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2018-02-13 10:40 - 2017-12-31 21:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys

2018-02-13 10:40 - 2017-12-31 21:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2018-02-13 10:40 - 2017-12-31 21:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL

2018-02-13 10:40 - 2017-12-31 21:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2018-02-13 10:40 - 2017-12-31 21:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp

2018-02-13 10:40 - 2017-12-31 21:18 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\vmicres.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp

2018-02-13 10:40 - 2017-12-31 21:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll

2018-02-13 10:40 - 2017-12-31 21:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2018-02-13 10:40 - 2017-12-31 21:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp

2018-02-13 10:40 - 2017-12-31 21:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll

2018-02-13 10:40 - 2017-12-31 21:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2018-02-13 10:40 - 2017-12-31 20:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2018-02-13 10:40 - 2017-12-31 20:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll

2018-02-13 10:40 - 2017-12-31 20:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys

2018-02-13 10:40 - 2017-12-31 20:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys

2018-02-13 10:40 - 2017-12-31 20:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys

2018-02-13 10:40 - 2017-12-31 20:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys

2018-02-13 10:40 - 2017-12-31 20:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys

2018-02-13 10:40 - 2017-12-31 20:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys

2018-02-13 10:40 - 2017-12-31 20:47 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\vmicsvc.exe

2018-02-13 10:40 - 2017-12-31 20:46 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\IcCoinstall.dll

2018-02-13 10:40 - 2017-12-31 20:46 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\vmictimeprovider.dll

2018-02-13 10:40 - 2017-12-31 20:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll

2018-02-13 10:40 - 2017-12-31 20:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp

2018-02-13 10:40 - 2017-12-31 20:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll

2018-02-13 10:40 - 2017-12-31 20:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll

2018-02-13 10:40 - 2017-12-31 20:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll

2018-02-13 10:40 - 2017-12-31 20:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll

2018-02-13 10:40 - 2017-12-31 20:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll

2018-02-13 10:40 - 2017-12-31 20:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll

2018-02-13 10:40 - 2017-12-31 20:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2018-02-13 10:40 - 2017-12-31 20:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2018-02-13 10:40 - 2017-12-31 20:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll

2018-02-13 10:40 - 2017-12-05 12:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll

2018-02-13 10:40 - 2017-12-05 12:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll

2018-02-13 10:40 - 2017-12-05 12:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll

2018-02-13 10:40 - 2017-12-05 12:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll

2018-02-13 10:40 - 2017-12-05 12:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll

2018-02-13 10:40 - 2017-12-05 10:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll

2018-02-12 20:06 - 2018-02-12 20:10 - 000000000 ____D C:\Windows\System32\Tasks\Norton Remove and Reinstall

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2018-03-09 14:25 - 2015-09-12 15:56 - 000000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job

2018-03-09 14:24 - 2015-09-12 15:56 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job

2018-03-09 14:24 - 2013-09-09 15:20 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2018-03-09 14:24 - 2013-09-09 15:20 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2018-03-09 14:24 - 2013-09-09 15:12 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2018-03-09 14:22 - 2017-10-10 10:18 - 000115248 _____ (Webroot) C:\Windows\system32\WRusr.dll

2018-03-09 14:22 - 2016-12-26 16:05 - 000182704 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll

2018-03-09 14:22 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2018-03-09 14:18 - 2016-11-16 09:32 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla

2018-03-09 14:17 - 2013-10-14 18:51 - 000000000 ____D C:\Users\Steve\Documents\Investing 2

2018-03-09 14:17 - 2009-07-13 23:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2018-03-09 14:17 - 2009-07-13 23:45 - 000031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2018-03-09 14:03 - 2013-10-14 15:49 - 000000000 ____D C:\Users\Steve\Documents\Computer Stuff 2

2018-03-09 12:07 - 2013-10-13 21:48 - 000000000 ____D C:\Users\Steve\Documents\Chat Records 2

2018-03-09 11:46 - 2016-07-22 19:06 - 000003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask

2018-03-09 11:35 - 2013-10-12 17:45 - 000000000 ____D C:\Users\Steve\Documents\FB (2013.10.12 onward)

2018-03-09 10:30 - 2013-10-14 21:17 - 000000000 ____D C:\Users\Steve\Documents\Health Related 2

2018-03-09 10:20 - 2013-10-12 21:01 - 000000000 ____D C:\Users\Steve\Documents\Articles 2

2018-03-09 10:09 - 2013-10-12 17:50 - 000000000 ____D C:\Users\Steve\Documents\Odds & Ends 3

2018-03-08 22:00 - 2013-10-28 20:20 - 000000000 ____D C:\Users\Steve\Documents\Quotes 2

2018-03-08 16:28 - 2015-12-31 13:54 - 000000000 ____D C:\ProgramData\WRData

2018-03-07 09:51 - 2014-08-26 09:10 - 000000000 ____D C:\Users\Steve\AppData\Local\Adobe

2018-03-06 20:54 - 2015-05-22 08:16 - 000000000 ____D C:\Users\Steve\Documents\Diana

2018-03-05 14:20 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI

2018-03-05 14:20 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf

2018-03-05 11:36 - 2015-12-14 11:04 - 000659456 _____ C:\errlog.dat

2018-03-03 16:17 - 2017-11-07 10:40 - 000000000 ____D C:\Users\Steve\Downloads\_tmp_1510069225675

2018-02-28 15:32 - 2015-09-12 15:56 - 000000000 ____D C:\Program Files (x86)\Dropbox

2018-02-26 13:01 - 2014-12-26 21:24 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2018-02-25 17:24 - 2016-11-16 21:03 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2018-02-24 14:03 - 2013-12-20 22:21 - 000000000 ____D C:\Users\Steve\AppData\Roaming\stickies

2018-02-17 20:41 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache

2018-02-15 13:38 - 2014-03-29 08:55 - 000000000 ____D C:\ProgramData\Package Cache

2018-02-15 13:35 - 2014-03-29 08:55 - 000000000 ____D C:\Program Files (x86)\Garmin

2018-02-15 13:34 - 2014-03-29 08:55 - 000003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask

2018-02-14 11:33 - 2013-10-12 14:54 - 000000000 ___RD C:\Users\Steve\Virtual Machines

2018-02-14 11:30 - 2017-07-17 20:24 - 000501032 _____ C:\Windows\system32\FNTCACHE.DAT

2018-02-14 11:26 - 2014-12-11 09:26 - 000000000 ____D C:\Windows\system32\appraiser

2018-02-14 11:25 - 2013-10-16 09:10 - 000000000 ____D C:\Windows\system32\MRT

2018-02-14 11:22 - 2017-10-12 09:16 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe

2018-02-14 11:21 - 2013-10-16 09:10 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2018-02-14 11:17 - 2011-02-10 09:33 - 000776166 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2018-02-14 11:10 - 2013-11-14 23:16 - 000000000 ____D C:\ProgramData\Norton

2018-02-12 20:06 - 2013-11-14 23:34 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared

2018-02-12 19:59 - 2013-11-08 16:14 - 000000000 ____D C:\ProgramData\TEMP

2018-02-12 19:57 - 2017-11-20 10:22 - 000000000 ____D C:\Program Files\Mozilla Firefox

2018-02-12 19:57 - 2015-08-01 13:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

 

==================== Files in the root of some directories =======

 

2017-05-02 16:51 - 2017-05-02 16:52 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe

2017-11-05 22:13 - 2017-11-05 22:13 - 000000022 _____ () C:\Users\Steve\AppData\Roaming\splitterdirectorys.txt

2013-10-14 21:51 - 2013-10-28 22:19 - 000007602 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2018-03-09 12:25

 

==================== End of FRST.txt ============================

Additional scan results of Farbar Recovery Scan Tool are as follows:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018

Ran by Steve (09-03-2018 14:32:43)

Running from C:\Users\Steve\Downloads

Windows 7 Professional Service Pack 1 (X64) (2013-10-12 19:42:36)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

 

Administrator (S-1-5-21-760699709-3465939181-808897853-500 - Administrator - Disabled)

Guest (S-1-5-21-760699709-3465939181-808897853-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-760699709-3465939181-808897853-1002 - Limited - Enabled)

Steve (S-1-5-21-760699709-3465939181-808897853-1000 - Administrator - Enabled) => C:\Users\Steve

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}

AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)

Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)

Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)

Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)

ANT Drivers Installer x64 (HKLM\...\{00EC0123-5EC2-4D75-830C-EF11667E74E8}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)

ArcSoft PhotoStudio 6 (HKLM-x32\...\{B4BD4DFB-0A22-43EC-A2D4-BF515E9A546F}) (Version: 6.0.5.180 - ArcSoft)

ArcSoft PhotoStudio 6 (HKLM-x32\...\{F95BCC10-FDA6-45BC-9AEC-C4CCCB385844}) (Version: 6.0.5.180 - ArcSoft)

Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )

Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)

CDRoller version 10.0 (HKLM-x32\...\CDRoller_is1) (Version: 10.0 - Digital Atlantic Corp.)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)

Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)

Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)

Dell SupportAssistAgent (HKLM\...\{9DD6B149-CEBC-4910-B11A-242393EDF6D3}) (Version: 2.1.4.14 - Dell)

Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)

Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)

Dropbox (HKLM-x32\...\Dropbox) (Version: 44.4.58 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden

eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)

Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Adobe Systems Incorporated) Hidden

Elevated Installer (HKLM-x32\...\{9AB7E852-655C-4BDE-9042-1D3E6807C85A}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden

Free MP4 Splitter (HKLM-x32\...\{38ECB700-186E-4E87-996C-54290D4412BE}) (Version: 1.0.0 - Media Freeware)

FVD Downloader Module (HKLM-x32\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)

Garmin Express (HKLM-x32\...\{E695D74A-9567-46DA-A4EE-0E191F21194B}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express (HKLM-x32\...\{fb1ff7db-c0d2-43c4-99bf-5b2fa4f9ca0b}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries)

Garmin Express Tray (HKLM-x32\...\{7C8FDEF1-F311-459C-B3CC-EEF73C721BFD}) (Version: 6.1.1.0 - Garmin Ltd or its subsidiaries) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)

iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)

Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)

Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)

Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft SkyDrive (HKU\S-1-5-21-760699709-3465939181-808897853-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Newegg Download Manager (HKLM-x32\...\Newegg Download Manager) (Version: 1.1.5 - Newegg)

Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)

PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Version: 12.0 - Adobe Systems Incorporated) Hidden

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

RealDownloader (HKLM-x32\...\{7FBAD091-89F7-4C77-A224-15FF4423C7D2}) (Version: 17.0.13 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden

Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)

RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)

SeaTools for Windows 1.4.0.6 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.6 - Seagate Technology)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)

Stellarium 0.12.4 (HKLM-x32\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)

UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-760699709-3465939181-808897853-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2018-03-09] (Webroot)

ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2018-03-09] (Webroot)

ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2018-03-09] (Webroot)

ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2018-03-09] (Webroot)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File

ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File

ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File

ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2015-10-05] (Malwarebytes)

ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2014-09-19] (RealNetworks, Inc.)

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-02-26] (Dropbox, Inc.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-12-14] (Intel Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2015-10-05] (Malwarebytes)

ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2015-04-08] (Piriform Ltd)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {05319E75-D48E-4B12-905F-7F158B345E83} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)

Task: {1A98C21A-ABAB-4263-8EF4-ED1205CC55E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)

Task: {2DC4D1E4-8365-48B6-8E4A-DAF8B5BCD1C0} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\SymErr.exe

Task: {2EE3C6A2-CF29-4587-8EE4-2184EEC04C87} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)

Task: {2FD50E87-B554-40FA-A385-22A4F02DBAD0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)

Task: {3292E14C-E473-4185-A054-8CB11AFD2503} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-02-08] ()

Task: {477D7856-0111-462A-B7F6-0E533CFE7014} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-760699709-3465939181-808897853-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)

Task: {51B0BBDA-A446-4914-B4DB-5A789EB88682} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-760699709-3465939181-808897853-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-30] (RealNetworks, Inc.)

Task: {51C98D46-04DA-49AB-8543-677927E73424} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.)

Task: {54BF8896-8551-4332-8761-4BC275D60C8B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)

Task: {55C309B6-0FE5-47EE-8B65-94E8FE4C9346} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe

Task: {5A22BEEE-2608-410E-AB32-5F2089BE06F7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\WSCStub.exe

Task: {7071DA22-6E72-4C58-9DE6-0012AC246A59} - System32\Tasks\{5CD2F101-E4B0-45F8-9B5C-95291E93F375} => C:\Windows\system32\pcalua.exe -a C:\Users\Steve\Downloads\card-reader-firmware(1).exe -d C:\Users\Steve\Downloads

Task: {7CB81BEC-8BA1-4E3C-88D2-CF7C88CA6C89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)

Task: {7CE1500F-EFB3-4EB9-B0CB-4C15CD4AF18C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.)

Task: {8AE30ABE-C36E-45A0-B9AE-583DE9ADA1D7} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-760699709-3465939181-808897853-1000 -> No File <==== ATTENTION

Task: {988A59F0-A13C-4733-A7B0-FE078BDD6CEE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)

Task: {B50CDDCE-1535-4D30-87B5-732DF5A28511} - System32\Tasks\{DBF458D8-B603-47EB-900D-B88567858E44} => C:\Windows\system32\pcalua.exe -a C:\Users\Steve\Downloads\card-reader-firmware.exe -d C:\Users\Steve\Downloads

Task: {B7E2C061-AD0A-476D-978D-D4618B69A975} - System32\Tasks\Dell SupportAssistAgent AnonymousRegistration => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2018-02-14] (Dell Inc.)

Task: {BA6454E0-6131-4E04-9838-6DC153801059} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {BEE4709C-601A-4B71-AD30-3FA58E977E71} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe

Task: {D409BE53-8B27-4763-A316-B0EE6798B9F6} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.5.5.15\SymErr.exe

Task: {DCE350CD-18A1-4834-A405-7F2FBF59FD0C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2015-11-23] (Symantec Corporation)

Task: {E893A73C-B802-477E-92FA-39E0785769F0} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe

Task: {ECEC116B-8B01-469B-B0F8-75E61A4095ED} - System32\Tasks\AdobeAAMUpdater-1.0-Steve-PC-Steve => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)

Task: {F28E84D5-4C8C-44AE-A891-4619A4737898} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-760699709-3465939181-808897853-1000 -> No File <==== ATTENTION

Task: {F8DF29D1-447B-4E12-8605-50D4142496AB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-760699709-3465939181-808897853-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

Shortcut: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

 

ShortcutWithArgument: C:\Users\Public\Desktop\eBay.lnk -> C:\Program Files (x86)\eBay\Browser Launcher.exe (eBay Inc.) -> hxxp://rover.ebay.com/rover/1/711-86042-13409-1/4?mpre=hxxp://ebay.com

 

==================== Loaded Modules (Whitelisted) ==============

 

2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-30 01:17 - 2014-07-30 01:17 - 000039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2014-07-30 04:04 - 2014-07-30 04:04 - 000023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe

2013-09-09 15:12 - 2012-01-26 21:49 - 002751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2013-09-09 16:43 - 2011-12-15 17:34 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll

2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll

2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll

2018-02-08 13:32 - 2018-02-08 13:32 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll

2014-09-19 12:28 - 2014-09-19 12:28 - 000864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll

2018-02-28 15:31 - 2018-02-26 06:24 - 000746312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll

2018-02-28 15:31 - 2018-02-26 06:24 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll

2018-02-28 15:32 - 2018-02-26 06:24 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 001856864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd

2018-02-28 15:31 - 2018-02-26 06:24 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll

2018-02-28 15:32 - 2018-02-26 06:24 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd

2018-02-28 15:31 - 2018-02-26 06:24 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000116184 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll

2018-02-28 15:32 - 2018-02-26 06:26 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd

2018-02-28 15:32 - 2018-02-26 06:27 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd

2018-02-28 15:32 - 2018-02-26 06:27 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd

2018-02-28 15:32 - 2018-02-26 06:27 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd

2018-02-28 15:32 - 2018-02-26 06:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd

2018-02-28 15:32 - 2018-02-26 06:27 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd

2018-02-28 15:32 - 2018-02-26 06:24 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd

2018-02-28 15:32 - 2018-02-26 06:27 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd

2018-02-28 15:31 - 2018-02-26 06:24 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll

2018-02-28 15:32 - 2018-02-26 06:26 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL

2018-02-28 15:32 - 2018-02-26 06:26 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd

2018-02-28 15:31 - 2018-02-26 06:26 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL

2018-02-28 15:31 - 2018-02-26 06:26 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll

2018-02-28 15:32 - 2018-02-26 06:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd

2018-02-14 10:40 - 2018-02-14 10:40 - 000172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ddf6d0d1dc0b7c17b8eecc0f3942d073\IsdiInterop.ni.dll

2013-09-09 15:08 - 2012-02-01 16:25 - 000059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2017-07-10 10:29 - 2013-05-13 16:15 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [356]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\.DEFAULT\...\dell.com -> dell.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-760699709-3465939181-808897853-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnkCommon Startup

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup

MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [{C2CD94B1-50F9-4DEF-B606-36824D16157F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{EA9DC0DC-DDAF-43BB-BF77-CDB31C1A24F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{029C11E4-3630-4719-9102-3A9C33C599EB}] => (Allow) LPort=2869

FirewallRules: [{817AE9EC-5929-4FCB-A636-E08F783EA568}] => (Allow) LPort=1900

FirewallRules: [{20CAD805-5F52-4622-B6EE-C2D9C09E288F}] => (Allow) C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [{294725DA-24E2-42B0-B171-49159EDDEDED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E0F11A1A-31C8-4684-9A2A-AFAA21DEC941}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{72433A72-8FFC-47F4-9C0A-441291761BAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{423B2A6B-4C76-4296-9D42-ADE4B56D904D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{87B4FCAC-CEF3-4511-BE68-DFB11ADF5B82}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

FirewallRules: [{BF175166-1FDD-4C03-A3AE-BC83FDF64884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{AC526197-0DC0-496A-A8A5-11786D2D8075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D3D2D10C-8D67-4D8E-B878-F24DFDCF6278}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{03618EF0-D143-438B-897E-19490E8473C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{4A45B555-C711-4995-B8CE-93D2A1F46862}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{BC4C915F-0F31-4206-A9DE-68F8EE739E23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{90F56170-5D8A-4659-A300-8F239140C452}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{6D6D7CF5-A5FF-4188-B4FE-FA850B3CE402}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{5F127970-87A6-4D03-87A6-157E5D780D9A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{44FD4C3F-77AB-4095-A00C-C48F70098CC2}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{EC528BB7-8C48-4B5A-B532-966030BC0D3B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [{3B9F677C-11CC-4827-87E4-A1A18A31E10F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

FirewallRules: [{7F543235-EF9F-438F-9360-C9F3CD1D8ADE}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{15751CCA-BDA0-4CB1-B050-80F1304DD55C}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS9801.tmp\SymNRT.exe

FirewallRules: [{006C7DC7-93CA-460F-8150-99491ECC1D30}] => (Allow) C:\Users\Steve\AppData\Local\Temp\7zS9801.tmp\SymNRT.exe

FirewallRules: [{FB0F32CA-97D9-4D65-ACD5-B478F53C0E18}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

 

==================== Restore Points =========================

 

15-02-2018 13:32:28 Garmin Express

23-02-2018 13:00:57 Scheduled Checkpoint

03-03-2018 12:33:39 Scheduled Checkpoint

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/09/2018 02:23:36 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (03/08/2018 04:21:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (03/07/2018 06:54:22 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (03/07/2018 03:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 456: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (03/07/2018 03:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (03/07/2018 03:03:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 440: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (03/07/2018 03:03:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (03/07/2018 03:02:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 440: ERROR: read_msg errno 0 (The operation completed successfully.)

 

 

System errors:

=============

Error: (03/09/2018 02:28:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Update service hung on starting.

 

Error: (03/08/2018 08:07:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

 

Error: (03/08/2018 04:34:49 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)

Description: 0x8000002a45\??\C:\Windows\AppCompat\Programs\Amcache.hve

 

Error: (03/08/2018 04:27:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Update service hung on starting.

 

Error: (03/08/2018 04:19:52 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 7:19:33 PM on ‎3/‎7/‎2018 was unexpected.

 

Error: (03/07/2018 07:00:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Update service hung on starting.

 

Error: (03/07/2018 06:52:59 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 3:05:06 PM on ‎3/‎7/‎2018 was unexpected.

 

Error: (03/06/2018 10:32:04 PM) (Source: Disk) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR1.

 

 

==================== Memory info ===========================

 

Processor: Intel® Pentium® CPU G2020 @ 2.90GHz

Percentage of memory in use: 50%

Total physical RAM: 3967.53 MB

Available physical RAM: 1963.67 MB

Total Virtual: 7933.23 MB

Available Virtual: 5924.26 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:913.29 GB) (Free:280.57 GB) NTFS

Drive k: (My Passport) (Fixed) (Total:3725.99 GB) (Free:1298.98 GB) NTFS

 

\\?\Volume{df6764c4-199a-11e3-bd5f-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:18.18 GB) (Free:10.33 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 00F43051)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=18.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=913.3 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 3726 GB) (Disk ID: 16F2A91F)

 

Partition: GPT.

 

==================== End of Addition.txt ============================

 

 

 

> Thank you very much in advance, for any and all advice you are able to offer me.





#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,849 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:49 PM

Posted 13 March 2018 - 11:12 AM

sbutk1:

 
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two, but I might be able to provide an initial response later today.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 sbutk1


Posted 13 March 2018 - 12:00 PM

Nice to meet you, Phil.  I’m Steve.  Thank you for responding so quickly.  I understand you’ll need some time to look over my logs and from those be able to formulate the most helpful advice.  In the meantime I will continue to share the results of those other scans that I mentioned.  Please stand by.  Thanks…



#4 garioch7


Posted 13 March 2018 - 12:05 PM

Steve:

 

Thank you for your post and for permission to address you by your first name.

 

I am in the process of reviewing your FRST logs.

 

Please do not submit any further information or install/uninstall programs.  My FRST "fixlist" script will be based solely on the logs that I have received from you.  We will move to other scans in later stages.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#5 sbutk1


Posted 13 March 2018 - 12:19 PM

> RESULTS from MiniToolbox:

 

MiniToolBox by Farbar  Version: 17-06-2016

Ran by Steve (administrator) on 03-12-2017 at 22:30:34

Running from "C:\Users\Steve\Downloads"

Microsoft Windows 7 Professional  Service Pack 1 (X64)

Model: Inspiron 660 Manufacturer: Dell Inc.

Boot Mode: Normal

***************************************************************************

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (12/03/2017 10:29:57 PM) (Source: Bonjour Service) (User: )

Description: 440: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (12/03/2017 10:29:57 PM) (Source: Bonjour Service) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (12/03/2017 10:28:57 PM) (Source: Bonjour Service) (User: )

Description: 504: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (12/03/2017 10:28:57 PM) (Source: Bonjour Service) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (12/03/2017 10:27:57 PM) (Source: Bonjour Service) (User: )

Description: 492: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (12/03/2017 10:27:57 PM) (Source: Bonjour Service) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (12/03/2017 10:27:09 PM) (Source: Application Hang) (User: )

Description: The program notepad.exe version 6.1.7601.18917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 2188

 

Start Time: 01d36caf81dd48b3

 

Termination Time: 2623

 

Application Path: C:\Windows\SysWOW64\notepad.exe

 

Report Id: fb0b3be9-d8a2-11e7-9017-c81f6606c9bc

 

Error: (12/03/2017 10:26:57 PM) (Source: Bonjour Service) (User: )

Description: 456: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (12/03/2017 10:26:57 PM) (Source: Bonjour Service) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (12/03/2017 10:25:57 PM) (Source: Bonjour Service) (User: )

Description: 504: ERROR: read_msg errno 0 (The operation completed successfully.)

 

 

System errors:

=============

Error: (12/02/2017 11:22:24 PM) (Source: Disk) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (12/01/2017 06:30:29 PM) (Source: Disk) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (12/01/2017 09:35:27 AM) (Source: Service Control Manager) (User: )

Description: The Windows Update service hung on starting.

 

Error: (12/01/2017 09:28:57 AM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

BHDrvx64

ccSet_NAV

SRTSP

SymIRON

SymNetS

 

Error: (12/01/2017 09:27:35 AM) (Source: SRTSP) (User: )

Description: Error loading virus definitions.

 

Error: (11/30/2017 06:52:22 PM) (Source: Server) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{7C07788E-3C87-49B9-A02C-9DC3A139A32E} because another computer on the network has the same name.  The server could not start.

 

Error: (11/30/2017 06:51:21 PM) (Source: DCOM) (User: )

Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

 

Error: (11/30/2017 03:39:28 PM) (Source: Disk) (User: )

Description: The driver detected a controller error on \Device\Harddisk2\DR2.

 

Error: (11/30/2017 09:39:13 AM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZAtheros Wlan Agent service.

 

Error: (11/29/2017 05:18:53 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

 

 

Microsoft Office Sessions:

=========================

Error: (12/03/2017 10:29:57 PM) (Source: Bonjour Service)(User: )

Description: 440: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (12/03/2017 10:29:57 PM) (Source: Bonjour Service)(User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (12/03/2017 10:28:57 PM) (Source: Bonjour Service)(User: )

Description: 504: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (12/03/2017 10:28:57 PM) (Source: Bonjour Service)(User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (12/03/2017 10:27:57 PM) (Source: Bonjour Service)(User: )

Description: 492: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (12/03/2017 10:27:57 PM) (Source: Bonjour Service)(User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (12/03/2017 10:27:09 PM) (Source: Application Hang)(User: )

Description: notepad.exe6.1.7601.18917218801d36caf81dd48b32623C:\Windows\SysWOW64\notepad.exefb0b3be9-d8a2-11e7-9017-c81f6606c9bc

 

Error: (12/03/2017 10:26:57 PM) (Source: Bonjour Service)(User: )

Description: 456: ERROR: read_msg errno 0 (The operation completed successfully.)

 

Error: (12/03/2017 10:26:57 PM) (Source: Bonjour Service)(User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

 

Error: (12/03/2017 10:25:57 PM) (Source: Bonjour Service)(User: )

Description: 504: ERROR: read_msg errno 0 (The operation completed successfully.)

 

 

=========================== Installed Programs ============================

 

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)

Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)

Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)

ANT Drivers Installer x64 (HKLM\...\{B9218A36-7AD3-4046-8D77-31F51DC0D795}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

ArcSoft PhotoStudio 6 (HKLM-x32\...\{B4BD4DFB-0A22-43EC-A2D4-BF515E9A546F}) (Version: 6.0.5.180 - ArcSoft)

ArcSoft PhotoStudio 6 (HKLM-x32\...\{F95BCC10-FDA6-45BC-9AEC-C4CCCB385844}) (Version: 6.0.5.180 - ArcSoft)

Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )

Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)

CDRoller version 10.0 (HKLM-x32\...\CDRoller_is1) (Version: 10.0 - Digital Atlantic Corp.)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)

Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)

Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)

Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)

Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)

Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)

Dropbox (HKLM-x32\...\Dropbox) (Version: 39.4.49 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden

eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)

Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Adobe Systems Incorporated) Hidden

Elevated Installer (HKLM-x32\...\{B85F70BE-A5A3-48A2-A790-AF6001F026E0}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden

Free MP4 Splitter (HKLM-x32\...\{38ECB700-186E-4E87-996C-54290D4412BE}) (Version: 1.0.0 - Media Freeware)

FVD Downloader Module (HKLM-x32\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)

Garmin Express (HKLM-x32\...\{5b328687-2baf-4fb6-b6c7-c49fb4840cba}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{5F4164CE-621E-4AFD-BBFE-1BBE2299710E}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (HKLM-x32\...\{4E9533AB-7743-4B73-A5D2-42207E159E11}) (Version: 5.7.1.0 - Garmin Ltd or its subsidiaries) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)

iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)

Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)

Junk Mail filter update (HKLM-x32\...\{400C31E4-796F-4E86-8FDC-C3C4FACC6847}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)

Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office XP Professional (HKLM-x32\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Newegg Download Manager (HKLM-x32\...\Newegg Download Manager) (Version: 1.1.5 - Newegg)

Norton AntiVirus (HKLM-x32\...\NAV) (Version: 22.5.5.15 - Symantec Corporation)

Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)

PSE12 STI Installer (HKLM-x32\...\{11F9A376-342F-4297-82DA-1F6EA8ED4B6B}) (Version: 12.0 - Adobe Systems Incorporated) Hidden

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

RealDownloader (HKLM-x32\...\{7FBAD091-89F7-4C77-A224-15FF4423C7D2}) (Version: 17.0.13 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden

Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)

RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden

Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Stellarium 0.12.4 (HKLM-x32\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)

Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)

UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

 

========================= Memory info: ===================================

 

Percentage of memory in use: 77%

Total physical RAM: 3967.53 MB

Available physical RAM: 899.43 MB

Total Virtual: 7933.25 MB

Available Virtual: 3154.27 MB

 

========================= Partitions: =====================================

 

1 Drive c: (OS) (Fixed) (Total:913.29 GB) (Free:292.98 GB) NTFS

4 Drive k: (My Passport) (Fixed) (Total:3725.99 GB) (Free:1507.04 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\STEVE-PC

 

Administrator            Guest                    Steve                   

 

 

**** End of log ****



#6 garioch7


Posted 13 March 2018 - 12:30 PM

Steve:

 

 


 

Ran by Steve (administrator) on 03-12-2017 at 22:30:34

 

 

 

I asked that you not post any additional, previous logs.  As you can see, the MiniToolBox scan that you sent me is OVER two months old.  No reputable malware removal specialist would work with logs that old!

 

I do appreciate your enthusiasm, but I respectfully request that you supply only the logs and information that I specifically request.  Please patiently await my analysis of your FRST logs and my initial FRST "fixlist" script that I am working on for you.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 garioch7


Posted 13 March 2018 - 01:18 PM

Steve:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: Your Firefox has a lot of suspicious extensions and some whose usefulness might not be worth the computer resources that they consume. My FRST "fixlist" script will remove some of the most suspicious extensions, but if I were you, I would consider removing and reinstalling Firefox altogether, after you have run the FRST "fixlist" script in the next step. You can, of course, remove any extension from that script that you do really want to keep, so that it is not removed. It is, after all, your computer. I think that your suspicions are correct - that Firefox is consuming an inordinate amount of your computer's limited resources. It has a Pentium processor and only 4 GB of RAM.

.

Step 2: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-760699709-3465939181-808897853-1000 -> DefaultScope {D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D} URL =
SearchScopes: HKU\S-1-5-21-760699709-3465939181-808897853-1000 -> {D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D} URL =
FF Extension: (Flash Video Downloader) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\artur.dubovoy@gmail.com.xpi [2018-03-04]
FF Extension: (Download all Images) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2018-02-26]
FF Extension: (Unload Tab) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\{b3fdb2a9-f31a-4f12-b7b3-085aba679868}.xpi [2017-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon => not found
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
Task: {8AE30ABE-C36E-45A0-B9AE-583DE9ADA1D7} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-760699709-3465939181-808897853-1000 -> No File <==== ATTENTION
Task: {F28E84D5-4C8C-44AE-A891-4619A4737898} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-760699709-3465939181-808897853-1000 -> No File <==== ATTENTION
End::

  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

I have seen some other issues in the logs and there are some standard scans that I will want to run after we have run the FRST "fixlist" script above.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 sbutk1


Posted 13 March 2018 - 02:34 PM

Phil,

 

I apologize.  I misread your instruction to post those results and missed your key words "upon request".  Once again, please accept my apologies for the misunderstanding.  I will patiently await further instructions before going any further...

 

-Steve


Edited by sbutk1, 13 March 2018 - 03:19 PM.


#9 garioch7


Posted 14 March 2018 - 07:25 AM

Steve:

 

I have deleted your duplicate posts.  I have provided you with instructions in my previous post, here.

 

No apologies necessary.  You are obviously keen to discover what is wrong with your computer.

 

Awaiting your reply. Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 sbutk1


Posted 14 March 2018 - 10:09 AM

Good morning Phil,

 

Thank you for your understanding with regard to my errant posts.  Indeed I did get a bit overanxious at the prospect of some fresh help; as you've already noted from the date of those earliest results, I’ve been seeking effective assistance with this problem for quite a while. 

 

In that case, perhaps the first posting of those outdated MiniToolbox results – as you mentioned, somewhat useless by now – should also be removed, in the interest of keeping this thread as concise as possible.

 

Typically patience is one of my strong suits; so from now on I will make a full effort to post exactly what you’re asking for, when you want it.

 

 

That being the case, the following are the results of this morning’s fresh run of the FRST application, with the special instructions that you provided…

Thanks for your understanding, and have a good day, yourself…

 

Steve

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018

Ran by Steve (14-03-2018 10:05:10) Run:1

Running from C:\Users\Steve\Documents\Computer Stuff 2\FRST Results, 2018.03.14

Loaded Profiles: Steve (Available Profiles: Steve)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses:

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-760699709-3465939181-808897853-1000 -> DefaultScope {D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D} URL =

SearchScopes: HKU\S-1-5-21-760699709-3465939181-808897853-1000 -> {D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D} URL =

FF Extension: (Flash Video Downloader) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\artur.dubovoy@gmail.com.xpi [2018-03-04]

FF Extension: (Download all Images) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi [2018-02-26]

FF Extension: (Unload Tab) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\{b3fdb2a9-f31a-4f12-b7b3-085aba679868}.xpi [2017-12-20]

FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.0.124\coFFAddon => not found

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

S3 dbx; system32\DRIVERS\dbx.sys [X]

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File

ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File

ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File

Task: {8AE30ABE-C36E-45A0-B9AE-583DE9ADA1D7} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-760699709-3465939181-808897853-1000 -> No File <==== ATTENTION

Task: {F28E84D5-4C8C-44AE-A891-4619A4737898} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-760699709-3465939181-808897853-1000 -> No File <==== ATTENTION

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully

HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully

HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found

"HKU\S-1-5-21-760699709-3465939181-808897853-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully

"HKU\S-1-5-21-760699709-3465939181-808897853-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D}" => removed successfully

HKLM\Software\Classes\CLSID\{D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D} => not found

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\artur.dubovoy@gmail.com.xpi => moved successfully

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\{32af1358-428a-446d-873e-5f8eb5f2a72e}.xpi => moved successfully

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\{b3fdb2a9-f31a-4f12-b7b3-085aba679868}.xpi => moved successfully

"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}" => removed successfully

"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => removed successfully

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => removed successfully

"HKLM\System\CurrentControlSet\Services\dbx" => removed successfully

dbx => service removed successfully

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded" => removed successfully

"HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}" => removed successfully

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending" => removed successfully

HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => not found

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected" => removed successfully

"HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8AE30ABE-C36E-45A0-B9AE-583DE9ADA1D7}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AE30ABE-C36E-45A0-B9AE-583DE9ADA1D7}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-760699709-3465939181-808897853-1000" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F28E84D5-4C8C-44AE-A891-4619A4737898}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F28E84D5-4C8C-44AE-A891-4619A4737898}" => removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-760699709-3465939181-808897853-1000" => removed successfully

 

 

The system needed a reboot.

 

==== End of Fixlog 10:09:56 ====
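
Added example, not part of the original post and not FRST's own code: a short Python triage of Fixlog result lines in the `target => outcome` form shown above. It tallies outcomes by target type and flags any outcome string other than the four that appear in this log; the function names, status labels and the one failure line in the sample are assumptions made for the illustration.

```python
import re
from collections import Counter

# Outcome strings seen in the Fixlog excerpt above; anything else is flagged
# for manual review rather than guessed at.
KNOWN_OUTCOMES = {
    "removed successfully": "done",
    "moved successfully": "done",
    "service removed successfully": "done",
    "not found": "absent",
}
LINE_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')


def classify_target(target):
    """Rough target type from its prefix: registry hive, file path, or other."""
    if re.match(r"(?i)^HK(LM|U|CU|CR)\\", target):
        return "registry"
    if re.match(r"^[A-Za-z]:\\", target):
        return "file"
    return "other"  # e.g. the bare service name "dbx"


def triage_fixlog(text):
    """Return (Counter keyed by (target type, status), lines needing review)."""
    counts, review = Counter(), []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, blank lines, "The system needed a reboot."
        status = KNOWN_OUTCOMES.get(m["outcome"].lower(), "review")
        counts[(classify_target(m["target"]), status)] += 1
        if status == "review":
            review.append(raw.strip())
    return counts, review


# Four lines copied from the log above plus one constructed failure line
# (its key and its "could not remove" wording are made up for this example).
SAMPLE = r'''
HKLM\Software\Classes\CLSID\{D1D2F467-4B35-4ADD-98B0-0EA7EF9A7D6D} => not found
"HKLM\System\CurrentControlSet\Services\dbx" => removed successfully
dbx => service removed successfully
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\sy21f17k.default-1483740629339-1511191350448\Extensions\artur.dubovoy@gmail.com.xpi => moved successfully
"HKLM\Software\Example\Constructed" => could not remove
==== End of Fixlog 10:09:56 ====
'''

if __name__ == "__main__":
    print(triage_fixlog(SAMPLE))
```

Run against a full fixlog.txt, an empty review list means every result line carried one of the four outcomes seen here.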



#11 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,849 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:08:49 PM

Posted 14 March 2018 - 10:27 AM

Steve:
 
Thank you for your post and for copying and pasting the contents of the FRST "fixlog.txt" file.  That looks good! :thumbup2:
 
Here at Bleeping Computer, we don't delete posts with content, so that entire topic is complete, unless there is a serious reason to do so.
 
Did you try uninstalling and reinstalling Firefox, as I suggested in Step 1 of my "Fix" post?  I am suspicious that your suspicions are correct that Firefox is the culprit.  I would suggest that you read this topic, and you can do a Google search for many other similar topics.  They are suggesting a "reset" in the topic that I cited.
 
Since you are here, let's check out your computer for any other possible, malware-related culprits.
 
Step 1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

Step 2: Your Malwarebytes version should be uninstalled. It is a really old version (2.2). You can use the MB-Clean tool. If it is a paid version of Malwarebytes, please make sure to deactivate and record your licence information before running the MB-Clean tool.

Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.


Step 3: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


We will deal with some remaining issues in the next post. Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 sbutk1


Posted 14 March 2018 - 10:36 AM

Hi Phil,

 

Real quickly… I was waiting to do the Firefox re-install until I saw whether you had any other comments about my FRST log. 

 

So, moving on, does it make a difference which I do first: the Firefox reinstall or the anti-malware steps you’ve outlined above?

 

-Steve



#13 garioch7


Posted 14 March 2018 - 10:44 AM

Steve:

 

Thank you for your post.  Sorry for the delay - I was eating lunch! :)

 

I would do the Firefox reset or uninstall/reinstall first, and then run the other scans.  No point in them detecting problems with Firefox extensions that you won't have installed any more.

 

Have a great day.

 

Regards,

-Phil




#14 sbutk1


Posted 15 March 2018 - 09:13 AM

Good morning, Phil…

 

Well, I started #1 (the ERST scan) yesterday and it turned out to be a *very* lengthy process – over 9 hours elapsed, when I decided it was time to retire for the evening and leave the computer on and finish overnight.  Unfortunately, when I came back to the screen this morning, it appears that the computer rebooted itself after automatic Windows updates.  Thus I’m not sure whether my results were recorded anywhere, or if the scan even finished.

 

I realize a good deal of that time was probably due to leaving my external drive (that I use for backups and archiving) connected.  Thus, if you think it’d be wise for me to disconnect that drive before proceeding, let me know.  I suppose it's likely prudent to let these scans detect whether any of the files on that external drive might also be corrupted in any way – During the time I was still awake, there *were* threats detected (at least 28) – though I can’t be sure whether they were on the external or on my main C Drive.

 

I'll await your advice on whether to unplug that external drive; and also whether to repeat the ERST scan. 

 

At any rate, I may not be able to resume until later today or even tomorrow, as I’ve got a separate deadline I’m working on.

 

Thanks, and I hope to hear from you soon.

 

 

-Steve



#15 garioch7


Posted 15 March 2018 - 02:54 PM

Steve:
 
Thank you for your post.  I apologize for the delay in responding.  I checked in this morning and responded to all my topics, but then had to take my wife to the big town for a doctor's appointment; and then, of course, she wanted to do the grocery shopping in the big university town of Antigonish (70 minutes from our big municipality of Port Hood, population: 1,000+) where the nearest hospital is located that has oncologists who visit.
 
If the scan didn't finish, then everything could be a bit of a mess.  Check out this link (Question 17), to see if you can locate an ESET online scan log.  If not, repeat the scan.  If you don't have "Show hidden files and folders enabled", please consult these instructions.  If you find that log, please copy and paste it into your next reply and I will let you know if it did what it was supposed to do.
 
Personally, I would unplug my external drive.  I never leave my external drives connected to prevent ransomware access to my backup files.  I only plug external hard drives into my computer long enough to create system images and then unplug them.  Since all that is on my external drives are backups of my primary hard drive, and I do full scans of it weekly, it can't be infected, if the primary hard drive is not infected.
 
You could always subsequently scan your external hard drive with your Webroot product, if you have any concerns that might arise if your external hard drive has been plugged in for long periods of time to your computer; a practice that I don't recommend.  Malware prefers the primary OS drive, but it is not shy about affecting other drives as well, particularly some species of ransomware.
 
Don't worry about the deadlines, Steve.  The normal response time rule here is 48 hours; but, as I explained in my opening comments, I won't "bump" a topic until after three days of non-response; and, I don't conclude it until after five days.  The reason for that is because the website tracks statistics for this particular Forum.  As you may have noted, only qualified Study Hall Seniors (under supervision), Malware Response Team members, and Malware Response Instructors, plus Moderators (of various ranks), are permitted to reply to topics in this Forum.  "Management" wants to ensure that everyone who posts in this Forum receives timely and complete help from fully qualified personnel.  That is why as you go to higher pages, you will see that the topics all get locked and concluded as "Resolved" or "Stale", unlike all of the other Forums here.
 
All of that said, if you let me know, in advance, or in two days, that your response will be delayed, by posting a note, the "clock" starts again.  If you tell me, and it does happen that people have commitments ("Real Life comes first"), that you are going to be away or committed for a week, or possibly even more, but you are going to respond, then there is no issue, ... as long as your assigned malware removal specialist knows about it, and it is posted.  "Management" doesn't like us to apparently "abandon" topics, for no good reason.  Eventually, topics have to be resolved, but we all understand the pressure of "real life."  "Real life" delayed my response to you today, though obviously I was well within the "rules", but I like to respond promptly during those hours that I am normally online.
 
Thank you, Steve, and have a great day.
 
Regards,
-Phil


Edited by garioch7, 15 March 2018 - 02:56 PM.
typo





