Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Melissa trojan...Viztec scam?

 
SanzFrancisco
Warrior


Joined: 23 Jun 2005
Last Visit: 18 Dec 2016
Posts: 145
Location: San Francisco

Posted: Mon Dec 05, 2016 1:47 pm    Post subject: Melissa trojan...Viztec scam?

My computer is still not working correctly. I was having trouble with my email accounts; deleted items didn't go to trash, but just disappeared. Called Comcast, my provider, and they transferred me to someone they said was an expert in Windows Live Mail. Only toward the end of the scan process did I find out it was Viztec. They said I had a Melissa trojan, and that someone from Germany had hacked my pc. $250 later and things are not going well.
Please help.....many thanks....janice

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18523
Run by janice at 12:24:33 on 2016-12-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5316 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\N360.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\N360.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\coIEPlg.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\coIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\coIEPlg.dll
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3BE74A30-7BE6-4951-A5FA-0569F57B6DF4} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.8.1.14\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.8.1.14\coieplg.dll
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\5ymdywzm.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\janice\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-9-26 30496]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\Windows\System32\drivers\N360x64\1608010.00E\symefasi64.sys [2016-11-19 1628888]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20161201.001\BHDrvx64.sys [2016-12-1 1874136]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1608010.00E\ccsetx64.sys [2016-11-19 174328]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20161202.001\IDSviA64.sys [2016-12-2 1012952]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2015-9-26 284448]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1608010.00E\ironx64.sys [2016-11-19 289520]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1608010.00E\symnets.sys [2016-11-19 567512]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2013-1-11 213440]
R2 N360;Norton 360;C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\n360.exe [2016-11-19 289080]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2014-5-22 101888]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-28 383776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2014-5-22 2595832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-10-3 156888]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2015-9-26 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-5-22 342528]
R3 LenovoRd;LenovoRd;C:\Windows\System32\drivers\LenovoRd.sys [2009-5-11 118016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S2 LPlatSvc;Lenovo Platform Service;C:\Windows\System32\LPlatSvc.exe [2016-11-1 711256]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-11-19 114688]
S3 ksapi64;ksapi64;C:\Windows\System32\drivers\ksapi64.sys [2016-12-1 56680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2016-11-19 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2016-11-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2016-11-19 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2016-11-7 1255736]
.
=============== Created Last 30 ================
.
2016-12-02 23:10:08 11781064 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-12-02 23:09:58 11781064 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0EC5D21-F5BF-42CA-A9E6-F4F92A310762}\mpengine.dll
2016-12-01 18:30:45 -------- d-----w- C:\ProgramData\Kingsoft
2016-12-01 18:30:45 -------- d-----w- C:\ProgramData\cmcm
2016-12-01 18:30:44 81768 ----a-w- C:\Windows\System32\drivers\ksapi.sys
2016-12-01 18:30:44 56680 ----a-w- C:\Windows\System32\drivers\ksapi64.sys
2016-12-01 18:30:43 -------- d-----w- C:\Program Files (x86)\cmcm
2016-12-01 18:22:12 -------- d-----w- C:\Users\janice\AppData\Local\LogMeIn Rescue Applet
2016-12-01 18:00:20 -------- d-----w- C:\Program Files (x86)\Citrix
2016-12-01 18:00:08 -------- d-----w- C:\Users\janice\AppData\Local\Citrix
2016-11-23 17:54:55 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2016-11-22 04:20:10 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2016-11-22 04:20:10 429568 ----a-w- C:\Windows\System32\wksprt.exe
2016-11-22 04:20:09 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2016-11-22 04:20:09 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2016-11-22 04:20:09 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2016-11-22 04:20:09 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2016-11-22 04:20:09 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2016-11-21 17:19:36 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2016-11-21 17:19:36 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2016-11-21 17:19:36 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2016-11-21 17:19:20 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2016-11-20 04:58:47 -------- d-----w- C:\Program Files\Synaptics
2016-11-20 04:55:34 -------- d-----w- C:\Windows\System32\MRT
2016-11-20 04:54:02 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2016-11-20 04:54:00 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2016-11-20 04:54:00 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2016-11-20 04:54:00 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2016-11-20 04:54:00 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2016-11-20 04:53:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2016-11-20 04:53:59 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2016-11-20 04:53:59 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2016-11-20 04:53:59 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2016-11-20 04:53:59 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2016-11-20 04:53:59 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2016-11-20 04:47:17 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2016-11-20 04:47:17 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2016-11-20 04:47:16 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2016-11-20 04:47:16 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2016-11-20 04:43:38 -------- d-----w- C:\Program Files\CONEXANT
2016-11-20 04:31:59 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2016-11-20 04:31:59 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2016-11-20 04:30:20 567512 ----a-w- C:\Windows\System32\drivers\N360x64\1608010.00E\symnets.sys
2016-11-20 04:30:19 49400 ----a-w- C:\Windows\System32\drivers\N360x64\1608010.00E\srtspx64.sys
2016-11-20 04:30:19 289520 ----a-w- C:\Windows\System32\drivers\N360x64\1608010.00E\ironx64.sys
2016-11-20 04:30:19 24192 ----a-r- C:\Windows\System32\drivers\N360x64\1608010.00E\symelam.sys
2016-11-20 04:30:19 174328 ----a-w- C:\Windows\System32\drivers\N360x64\1608010.00E\ccsetx64.sys
2016-11-20 04:30:19 1628888 ----a-w- C:\Windows\System32\drivers\N360x64\1608010.00E\symefasi64.sys
2016-11-20 04:21:57 41928 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IA2Marshal.dll
2016-11-20 03:59:35 -------- d-s---w- C:\Windows\System32\CompatTel
2016-11-20 03:59:35 -------- d-----w- C:\Windows\System32\appraiser
2016-11-18 21:56:02 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2016-11-18 21:55:42 98816 ----a-w- C:\Windows\System32\wudriver.dll
2016-11-18 21:53:05 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2016-11-18 21:53:05 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2016-11-18 21:51:49 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2016-11-18 21:51:49 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2016-11-18 21:51:48 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2016-11-18 21:51:48 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2016-11-18 21:51:43 142336 ----a-w- C:\Windows\System32\poqexec.exe
2016-11-18 21:51:43 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2016-11-17 04:13:52 -------- d-----w- C:\Users\janice\AppData\Local\ElevatedDiagnostics
2016-11-16 05:48:04 -------- d-----w- C:\Users\janice\AppData\Local\Apple Computer
2016-11-16 05:47:12 -------- d-----w- C:\Program Files\iPod
2016-11-16 05:47:11 -------- d-----w- C:\Program Files\iTunes
2016-11-16 05:46:32 -------- d-----w- C:\Users\janice\AppData\Local\Apple
2016-11-16 05:46:07 -------- d-----w- C:\Program Files\Bonjour
2016-11-16 05:46:07 -------- d-----w- C:\Program Files (x86)\Bonjour
2016-11-07 13:31:33 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2016-11-07 13:31:33 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-11-07 13:14:56 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-11-07 12:49:10 -------- d-----w- C:\Windows\Migration
2016-11-07 12:35:34 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2016-11-07 12:09:49 -------- d-----w- C:\Windows\SysWow64\Wat
2016-11-07 12:09:49 -------- d-----w- C:\Windows\System32\Wat
2016-11-07 11:05:30 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2016-11-07 11:05:30 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2016-11-07 11:05:30 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2016-11-07 11:05:30 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2016-11-07 11:05:30 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2016-11-07 11:05:30 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2016-11-07 11:05:30 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2016-11-07 10:41:46 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2016-11-07 10:41:46 5120 ----a-w- C:\Windows\System32\wmi.dll
2016-11-07 10:41:46 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2016-11-07 10:21:03 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2016-11-07 10:21:03 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2016-11-07 10:21:03 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2016-11-07 10:21:03 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2016-11-07 10:20:59 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2016-11-07 10:20:59 8856 ----a-w- C:\Windows\System32\icardres.dll
2016-11-07 10:20:39 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2016-11-07 10:20:39 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2016-11-07 10:10:08 -------- d-----w- C:\Users\janice\AppData\Local\Google
2016-11-07 09:54:32 950272 ----a-w- C:\Windows\System32\perftrack.dll
2016-11-07 09:54:32 91136 ----a-w- C:\Windows\System32\wdi.dll
2016-11-07 09:54:32 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2016-11-07 09:54:32 29696 ----a-w- C:\Windows\System32\powertracker.dll
2016-11-07 09:50:58 2084864 ----a-w- C:\Windows\System32\ole32.dll
2016-11-07 09:50:57 1414144 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-11-07 09:50:45 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2016-11-07 09:50:45 1118720 ----a-w- C:\Windows\System32\sbe.dll
2016-11-07 09:50:44 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2016-11-07 09:50:44 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2016-11-07 09:50:37 1743360 ----a-w- C:\Windows\System32\sysmain.dll
2016-11-07 09:50:34 2560 ----a-w- C:\Windows\System32\drivers\en-US\mountmgr.sys.mui
2016-11-07 09:48:59 994760 ----a-w- C:\Windows\System32\ucrtbase.dll
2016-11-07 09:48:59 922432 ----a-w- C:\Windows\SysWow64\ucrtbase.dll
2016-11-07 09:48:59 66400 ----a-w- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
2016-11-07 09:48:59 63840 ----a-w- C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2016-11-07 09:48:59 17760 ----a-w- C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2016-11-07 09:48:59 16224 ----a-w- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-07 09:48:59 16224 ----a-w- C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-07 09:48:59 12640 ----a-w- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
2016-11-07 09:48:59 12128 ----a-w- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
2016-11-07 09:48:59 12128 ----a-w- C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2016-11-07 09:48:52 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2016-11-07 09:48:52 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2016-11-07 09:46:50 52736 ----a-w- C:\Windows\System32\basesrv.dll
2016-11-07 09:46:32 515584 ----a-w- C:\Windows\System32\timedate.cpl
2016-11-07 09:46:32 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2016-11-07 09:46:29 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2016-11-07 09:46:29 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2016-11-07 09:46:29 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2016-11-07 09:44:58 381440 ----a-w- C:\Windows\System32\mfds.dll
2016-11-07 09:43:54 879104 ----a-w- C:\Windows\System32\tdh.dll
2016-11-07 09:42:57 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2016-11-07 09:41:58 76288 ----a-w- C:\Windows\System32\devenum.dll
2016-11-07 09:40:55 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2016-11-07 09:39:55 353280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll
2016-11-07 09:38:15 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2016-11-07 09:38:15 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2016-11-07 09:38:15 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2016-11-07 09:38:15 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2016-11-07 09:38:15 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2016-11-07 09:03:43 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2016-11-07 09:03:43 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2016-11-07 09:03:43 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2016-11-12 03:07:57 784624 ----a-w- C:\Windows\System32\drivers\N360x64\1608010.00E\srtsp64.sys
2016-11-09 17:29:17 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-11-09 17:29:17 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-07 13:14:56 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-11-02 15:36:15 382696 ----a-w- C:\Windows\System32\atmfd.dll
2016-11-02 15:32:08 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-11-02 15:32:05 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-11-02 15:32:03 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-11-02 15:32:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-11-02 15:22:36 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-11-02 15:16:31 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-11-02 15:16:15 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-11-02 15:16:14 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-11-02 14:53:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-11-01 15:02:46 711256 ----a-w- C:\Windows\System32\LPlatSvc.exe
2016-11-01 15:02:40 184408 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2016-11-01 15:02:14 88152 ----a-w- C:\Windows\System32\ibmpmctl.exe
2016-11-01 14:59:34 82824 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2016-11-01 14:59:34 58456 ----a-w- C:\Windows\System32\tpinspm.dll
2016-10-27 19:13:51 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-10-27 19:13:36 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-10-27 18:55:20 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-10-27 18:54:13 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-10-27 18:54:04 417792 ----a-w- C:\Windows\System32\html.iec
2016-10-27 18:53:35 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-10-27 18:53:20 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-10-27 18:37:41 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-10-27 18:37:40 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-10-27 18:37:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-10-27 18:28:32 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-10-27 18:19:40 6047744 ----a-w- C:\Windows\System32\jscript9.dll
2016-10-27 18:15:42 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-10-27 17:44:44 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-10-27 17:44:24 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-10-27 17:16:51 2920448 ----a-w- C:\Windows\System32\wininet.dll
2016-10-27 00:29:06 485032 ------w- C:\Windows\System32\MpSigStub.exe
2016-10-25 15:02:34 3219456 ----a-w- C:\Windows\System32\win32k.sys
2016-10-22 17:54:16 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-10-22 17:36:58 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-10-22 17:36:02 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-10-22 17:35:55 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-10-22 17:35:40 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-10-22 17:34:30 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-10-22 17:21:34 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-10-22 17:20:58 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-10-22 17:04:17 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-10-22 16:44:04 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-10-22 16:43:36 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-10-22 16:43:09 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-10-22 16:12:44 2444800 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-10-18 03:42:17 100592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2016-10-15 15:31:21 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-10-15 15:31:21 84480 ----a-w- C:\Windows\System32\INETRES.dll
2016-10-15 15:13:55 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2016-10-15 15:13:55 741888 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2016-10-11 15:40:56 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-10-11 15:37:24 706792 ----a-w- C:\Windows\System32\winload.efi
2016-10-11 15:37:24 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-10-11 15:37:23 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-10-11 15:37:23 370920 ----a-w- C:\Windows\System32\clfs.sys
2016-10-11 15:37:23 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-10-11 15:34:46 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-10-11 15:31:59 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-10-11 15:24:41 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-10-11 15:24:41 3944680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-10-11 15:21:52 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-10-11 15:03:45 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-10-11 15:03:43 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-10-11 15:03:41 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-10-11 15:03:03 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-10-11 14:59:53 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-10-11 14:59:03 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-10-11 14:56:22 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-10-11 14:55:48 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-10-11 14:55:46 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-10-11 14:55:33 346112 ----a-w- C:\Windows\System32\bcdedit.exe
2016-10-11 14:55:11 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-10-11 14:55:05 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-10-11 14:55:01 112640 ----a-w- C:\Windows\System32\smss.exe
2016-10-11 14:51:36 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-10-11 14:51:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-10-11 14:51:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-10-11 14:51:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-10-11 14:50:49 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-10-11 14:50:42 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-11 14:50:42 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-11 14:50:42 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-10-11 14:50:41 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-10-11 13:33:27 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2016-10-11 13:06:22 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2016-10-08 13:06:24 633296 ----a-w- C:\Windows\System32\winload.exe
2016-10-07 15:32:31 877056 ----a-w- C:\Windows\System32\oleaut32.dll
2016-10-07 15:32:28 3649536 ----a-w- C:\Windows\System32\MSVidCtl.dll
2016-10-07 15:32:20 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2016-10-07 15:12:49 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2016-10-07 15:12:46 2291712 ----a-w- C:\Windows\SysWow64\MSVidCtl.dll
2016-10-07 15:12:39 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2016-10-05 14:54:43 90112 ----a-w- C:\Windows\System32\drivers\bowser.sys
2016-10-04 15:31:26 229376 ----a-w- C:\Windows\System32\wintrust.dll
2016-10-04 15:31:13 190976 ----a-w- C:\Windows\System32\cryptsvc.dll
.
============= FINISH: 12:25:08.38 ===============
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 23 Aug 2017
Posts: 10182
Location: Yorkshire

Posted: Fri Dec 09, 2016 9:55 pm

Not much showing in your DDS log, let's see if some other scans turn anything up.


  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.

    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.



Next ...

Please download AdwCleaner and save it to your desktop.


  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.


AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Summary of the logs I need from you in your next post:

  • FRST.txt
  • Addition.txt
  • AdwCleaner log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University


If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations

SanzFrancisco
Warrior

Posted: Fri Dec 09, 2016 11:23 pm

Gary, I am not able to run the first scan. My computer says it is not safe. What part of Norton do I need to disable in order to complete this?
Do I need to do these things in the order you've requested, or can I run the second scan first?

Gary R
Moderator

Posted: Sat Dec 10, 2016 8:18 am

OK, first of all download both FRST and ADWCleaner.

Next, disconnect from the Internet.

Then right click on your Norton icon in the bottom right corner of your screen and select the option to disable Norton.

Now run the scans I asked for (doesn't matter what order you do them in).

When they've both completed, right click on your Norton icon again, and select the option to re-enable Norton.

Now reconnect to the internet and post me the logs produced by the scans.

Any problems then please let me know what they are, and we'll try to see if we can resolve them.
SanzFrancisco
Warrior


Joined: 23 Jun 2005
Last Visit: 18 Dec 2016
Posts: 145
Location: San Francisco

PostPosted: Sat Dec 10, 2016 11:26 am    Post subject: Reply with quote

Gary, I have followed your instructions, and I still cannot run the first scan. Before I could even disable Norton, the computer removed the download. Frustrating.
Here is the Adware log.
# AdwCleaner v6.040 - Logfile created 10/12/2016 at 11:20:16
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-09.3 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : janice - HAZEL
# Running from : C:\Users\janice\Downloads\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKU\S-1-5-21-2461060277-4132095866-587163546-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKU\S-1-5-21-2461060277-4132095866-587163546-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\5ymdywzm.default\prefs.js] - "browser.download.lastDir" - "C:\\Users\\janice\\Desktop"
Firefox pref Found: [C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\5ymdywzm.default\prefs.js] - "extensions.toolbar.mindspark._eiMembers_.BUTTON_STRUCTURE" - "[{\"b\":224261750,\"c\":\"mindspark.magnify\",\"p\
Firefox pref Found: [C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\5ymdywzm.default\prefs.js] - "extensions.toolbar.mindspark._eiMembers_.lssState" - "{\"previousLocales\":[\"en-US\",\"en\"],\"supportedLocales
Firefox pref Found: [C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\5ymdywzm.default\prefs.js] - "extensions.toolbar.mindspark._eiMembers_.uninstallTasks" - "{\"prefBranchesToDelete\":[\"extensions.toolbar.mind
Firefox pref Found: [C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\5ymdywzm.default\prefs.js] - "media.webrtc.debug.log_file" - "C:\\Users\\janice\\AppData\\Local\\Temp\\WebRTC.log"
Firefox pref Found: [C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\5ymdywzm.default\prefs.js] - "services.sync.client.name" - "janice's Firefox on Hazel"
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2959 Bytes] - [09/12/2016 23:28:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [2871 Bytes] - [10/12/2016 11:20:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2944 Bytes] ##########
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 23 Aug 2017
Posts: 10182
Location: Yorkshire

PostPosted: Sat Dec 10, 2016 2:30 pm    Post subject: Reply with quote

Do you have access to another computer, so that you can use it to download FRST to a USB drive, and then transfer it from that to your infected computer ????

If so, then disconnect your infected computer from the internet, then disable Norton before you attempt to transfer FRST from your USB to the infected machine.

Then run the FRST scan and post me the logs.

If you don't have another machine to download FRST on, then please do the following .....


  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.


Then ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on Run ESET Online Scanner

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....

    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop

  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

SanzFrancisco
Warrior


Joined: 23 Jun 2005
Last Visit: 18 Dec 2016
Posts: 145
Location: San Francisco

PostPosted: Mon Dec 12, 2016 10:28 am    Post subject: Reply with quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by janice (administrator) on HAZEL (12-12-2016 10:59:35)
Running from E:\
Loaded Profiles: UpdatusUser & janice (Available Profiles: UpdatusUser & janice)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\n360.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\n360.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3BE74A30-7BE6-4951-A5FA-0569F57B6DF4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2461060277-4132095866-587163546-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)

FireFox:
========
FF DefaultProfile: 5ymdywzm.default
FF ProfilePath: C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\5ymdywzm.default [2016-12-12]
FF Homepage: Mozilla\Firefox\Profiles\5ymdywzm.default -> hxxps://www.google.com/
FF Extension: (Adblock Plus) - C:\Users\janice\AppData\Roaming\Mozilla\Firefox\Profiles\5ymdywzm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-07]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-12-04]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-28] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-2461060277-4132095866-587163546-1001: @citrixonline.com/appdetectorplugin -> C:\Users\janice\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-01] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default [2016-12-03]
CHR Extension: (Google Drive) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-07]
CHR Extension: (YouTube) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-07]
CHR Extension: (Gmail) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\janice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-07]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [711256 2016-11-01] (Lenovo.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-11] (Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20161208.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-03] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20161208.005\IDSvia64.sys [1012952 2016-10-28] (Symantec Corporation)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-12-01] (Kingsoft Corporation)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161128.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161128.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 10:57 - 2016-12-12 10:59 - 00000000 ____D C:\FRST
2016-12-10 11:21 - 2016-12-10 11:21 - 00003031 _____ C:\Users\janice\Desktop\AdwCleaner[S1].txt
2016-12-09 23:51 - 2016-12-09 23:51 - 00000000 ____D C:\Users\Public\Documents\sun
2016-12-09 23:26 - 2016-12-10 11:20 - 00000000 ____D C:\AdwCleaner
2016-12-09 23:26 - 2016-12-09 23:26 - 03968464 _____ C:\Users\janice\Downloads\AdwCleaner.exe
2016-12-08 01:46 - 2016-12-08 01:46 - 00001500 _____ C:\Users\Public\Desktop\LibreOffice 5.2.lnk
2016-12-08 01:46 - 2016-12-08 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
2016-12-08 01:27 - 2016-12-08 01:33 - 223248384 _____ C:\Users\janice\Downloads\LibreOffice_5.2.3_Win_x86.msi
2016-12-08 01:25 - 2016-12-08 01:25 - 00000000 ____D C:\Users\janice\AppData\Roaming\LibreOffice
2016-12-08 01:23 - 2016-12-08 01:46 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-12-07 22:54 - 2016-12-09 23:54 - 00000000 ____D C:\Users\janice\Documents\Recipes
2016-12-07 22:48 - 2016-12-07 22:48 - 00281544 _____ C:\Windows\Minidump\120716-23446-01.dmp
2016-12-07 20:56 - 2016-12-07 22:48 - 605041485 _____ C:\Windows\MEMORY.DMP
2016-12-07 20:56 - 2016-12-07 20:56 - 00285408 _____ C:\Windows\Minidump\120716-19094-01.dmp
2016-12-05 12:25 - 2016-12-05 12:26 - 00004727 _____ C:\Users\janice\Desktop\attach.txt
2016-12-05 12:25 - 2016-12-05 12:25 - 00029142 _____ C:\Users\janice\Desktop\dds.txt
2016-12-05 12:24 - 2016-12-05 12:24 - 00688992 ____R (Swearware) C:\Users\janice\Downloads\dds.scr
2016-12-02 18:42 - 2016-12-02 18:42 - 00002662 _____ C:\Users\janice\Documents\Dance1.wlmp
2016-12-02 18:38 - 2016-12-02 18:38 - 00002666 _____ C:\Users\janice\Documents\ShortDance.wlmp
2016-12-02 18:35 - 2016-12-02 18:35 - 00002656 _____ C:\Users\janice\Documents\Falling.wlmp
2016-12-02 18:27 - 2016-12-02 18:27 - 00002665 _____ C:\Users\janice\Documents\TankHill.wlmp
2016-12-02 18:18 - 2016-12-02 18:18 - 00002656 _____ C:\Users\janice\Documents\My Movie.wlmp
2016-12-02 15:02 - 2016-12-08 12:25 - 00334736 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-01 11:08 - 2016-12-01 11:08 - 01065376 _____ (Google Inc.) C:\Users\janice\Downloads\ChromeSetup.exe
2016-12-01 11:07 - 2016-12-01 11:07 - 00001465 _____ C:\Users\janice\Desktop\Windows Live Mail.lnk
2016-12-01 10:32 - 2016-12-08 12:27 - 00075720 _____ C:\Users\janice\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-01 10:30 - 2016-12-01 10:30 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2016-12-01 10:30 - 2016-12-01 10:30 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2016-12-01 10:30 - 2016-12-01 10:30 - 00000000 ____D C:\ProgramData\Kingsoft
2016-12-01 10:30 - 2016-12-01 10:30 - 00000000 ____D C:\ProgramData\cmcm
2016-12-01 10:30 - 2016-12-01 10:30 - 00000000 ____D C:\Program Files (x86)\cmcm
2016-12-01 10:22 - 2016-12-01 12:05 - 00000000 ____D C:\Users\janice\AppData\Local\LogMeIn Rescue Applet
2016-12-01 10:22 - 2016-12-01 10:22 - 01870376 _____ (LogMeIn, Inc.) C:\Users\janice\Downloads\Support-LogMeInRescue.exe
2016-12-01 10:00 - 2016-12-07 14:48 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-12-01 10:00 - 2016-12-01 10:00 - 00000000 ____D C:\Users\janice\AppData\Local\Citrix
2016-11-28 00:11 - 2016-12-02 18:12 - 76292633 _____ C:\Users\janice\Desktop\Raven dancing (1).mp4
2016-11-27 23:23 - 2016-12-02 18:12 - 51245910 _____ C:\Users\janice\Desktop\Raven dancing (3).mp4
2016-11-27 23:16 - 2016-12-02 18:12 - 103140773 _____ C:\Users\janice\Desktop\raven-falls.mp4
2016-11-27 20:02 - 2016-12-02 18:12 - 240182183 _____ C:\Users\janice\Desktop\Tank Hill w. Grandpa Mark.mp4
2016-11-23 09:54 - 2016-11-23 09:54 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2016-11-21 20:20 - 2015-07-16 11:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-11-21 20:20 - 2015-07-16 11:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-11-21 20:20 - 2015-07-16 11:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-11-21 20:20 - 2015-07-16 11:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-11-21 20:20 - 2015-07-16 11:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-11-21 20:20 - 2015-07-16 11:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-11-21 20:20 - 2015-07-11 05:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-11-21 09:19 - 2015-12-20 10:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-11-21 09:19 - 2015-12-20 10:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-11-21 09:19 - 2015-12-20 06:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-11-21 09:19 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-11-19 21:14 - 2016-11-19 21:14 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-11-19 21:08 - 2016-11-19 21:08 - 00003250 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-11-19 20:58 - 2016-11-19 20:58 - 00002982 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2016-11-19 20:58 - 2016-11-19 20:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2016-11-19 20:58 - 2016-11-19 20:58 - 00000000 ____D C:\Program Files\Synaptics
2016-11-19 20:55 - 2016-11-19 20:58 - 00000000 ____D C:\Windows\system32\MRT
2016-11-19 20:55 - 2016-11-19 20:55 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-19 20:54 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-11-19 20:54 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-11-19 20:54 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-11-19 20:54 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-11-19 20:53 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-11-19 20:53 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-11-19 20:53 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2016-11-19 20:53 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2016-11-19 20:53 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-11-19 20:53 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-11-19 20:47 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-11-19 20:47 - 2012-08-23 06:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2016-11-19 20:47 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2016-11-19 20:47 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2016-11-19 20:43 - 2016-11-19 20:43 - 00000000 ____D C:\Program Files\CONEXANT
2016-11-19 20:32 - 2016-10-11 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-19 20:32 - 2016-10-11 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-19 20:32 - 2016-10-11 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-19 20:32 - 2016-10-11 07:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-19 20:32 - 2016-10-11 07:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-19 20:32 - 2016-10-11 07:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-19 20:32 - 2016-10-11 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-19 20:32 - 2016-10-11 07:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-19 20:32 - 2016-10-11 07:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 07:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-19 20:32 - 2016-10-11 07:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-19 20:32 - 2016-10-11 07:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-19 20:32 - 2016-10-11 07:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-19 20:32 - 2016-10-11 06:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-19 20:32 - 2016-10-11 06:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-19 20:32 - 2016-10-11 06:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-19 20:32 - 2016-10-11 06:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-11-19 20:32 - 2016-10-11 06:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-19 20:32 - 2016-10-11 06:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-19 20:32 - 2016-10-11 06:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-19 20:32 - 2016-10-11 06:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-19 20:32 - 2016-10-11 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-19 20:32 - 2016-10-11 06:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-19 20:32 - 2016-10-11 06:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-19 20:32 - 2016-10-11 06:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-19 20:32 - 2016-10-11 06:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-19 20:32 - 2016-10-11 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-19 20:32 - 2016-10-11 06:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-19 20:32 - 2016-10-11 05:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-11-19 20:32 - 2016-10-11 05:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-11-19 20:32 - 2016-10-08 05:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-11-19 20:32 - 2016-10-04 07:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-19 20:32 - 2016-10-04 07:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-19 20:32 - 2016-10-04 07:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-11-19 20:32 - 2016-10-04 07:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-11-19 20:32 - 2016-10-04 07:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-11-19 20:32 - 2016-10-04 07:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-11-19 20:32 - 2016-10-04 07:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-11-19 20:32 - 2016-10-04 07:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-11-19 20:32 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-11-19 20:32 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-11-19 20:32 - 2015-12-16 10:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-11-19 20:32 - 2015-12-16 10:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-11-19 20:32 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-11-19 20:32 - 2015-12-16 10:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-11-19 20:32 - 2015-08-05 09:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-11-19 20:32 - 2015-08-05 09:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-11-19 20:31 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-11-19 20:31 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-11-19 20:28 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-19 20:28 - 2016-11-02 07:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-19 20:28 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-19 20:28 - 2016-11-02 07:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-19 20:28 - 2016-11-02 07:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-19 20:28 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-19 20:28 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-19 20:28 - 2016-11-02 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-19 20:28 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-19 20:28 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-19 20:28 - 2016-10-27 19:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-19 20:28 - 2016-10-27 19:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-19 20:28 - 2016-10-27 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-19 20:28 - 2016-10-27 11:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-19 20:28 - 2016-10-27 10:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-19 20:28 - 2016-10-27 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-19 20:28 - 2016-10-27 10:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-19 20:28 - 2016-10-27 10:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-19 20:28 - 2016-10-27 10:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-19 20:28 - 2016-10-27 10:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-19 20:28 - 2016-10-27 10:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-19 20:28 - 2016-10-27 10:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-19 20:28 - 2016-10-27 10:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-19 20:28 - 2016-10-27 10:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-19 20:28 - 2016-10-27 10:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-19 20:28 - 2016-10-27 10:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-19 20:28 - 2016-10-27 10:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-19 20:28 - 2016-10-27 10:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-19 20:28 - 2016-10-27 10:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-19 20:28 - 2016-10-27 10:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-19 20:28 - 2016-10-27 10:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-19 20:28 - 2016-10-27 10:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-19 20:28 - 2016-10-27 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-19 20:28 - 2016-10-27 10:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-19 20:28 - 2016-10-27 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-19 20:28 - 2016-10-27 10:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-19 20:28 - 2016-10-27 10:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-19 20:28 - 2016-10-27 09:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-19 20:28 - 2016-10-27 09:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-19 20:28 - 2016-10-27 09:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-19 20:28 - 2016-10-27 09:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-19 20:28 - 2016-10-27 09:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-19 20:28 - 2016-10-27 09:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-19 20:28 - 2016-10-27 09:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-19 20:28 - 2016-10-27 09:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-19 20:28 - 2016-10-27 08:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-19 20:28 - 2016-10-27 07:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-19 20:28 - 2016-10-25 07:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-19 20:28 - 2016-10-22 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-19 20:28 - 2016-10-22 09:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-19 20:28 - 2016-10-22 09:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-19 20:28 - 2016-10-22 09:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-19 20:28 - 2016-10-22 09:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-19 20:28 - 2016-10-22 09:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-19 20:28 - 2016-10-22 09:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-19 20:28 - 2016-10-22 09:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-19 20:28 - 2016-10-22 09:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-19 20:28 - 2016-10-22 09:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-19 20:28 - 2016-10-22 09:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-19 20:28 - 2016-10-22 09:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-19 20:28 - 2016-10-22 09:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-19 20:28 - 2016-10-22 09:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-19 20:28 - 2016-10-22 09:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-19 20:28 - 2016-10-22 09:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-19 20:28 - 2016-10-22 08:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-19 20:28 - 2016-10-22 08:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-19 20:28 - 2016-10-22 08:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-19 20:28 - 2016-10-22 08:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-19 20:28 - 2016-10-22 08:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-19 20:28 - 2016-10-22 08:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-19 20:28 - 2016-10-22 08:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-19 20:28 - 2016-10-22 08:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-19 20:28 - 2016-10-22 08:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-19 20:28 - 2016-10-22 08:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-19 20:28 - 2016-10-22 08:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-19 20:28 - 2016-10-22 08:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-19 20:28 - 2016-10-22 08:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-19 20:28 - 2016-10-15 07:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-19 20:28 - 2016-10-15 07:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-19 20:28 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-19 20:28 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-19 20:28 - 2016-10-11 07:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-19 20:28 - 2016-10-11 07:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-19 20:28 - 2016-10-11 07:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-19 20:28 - 2016-10-11 07:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-19 20:28 - 2016-10-11 07:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-19 20:28 - 2016-10-11 07:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-19 20:28 - 2016-10-11 07:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-19 20:28 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-19 20:28 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-19 20:28 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-19 20:28 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-19 20:28 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-19 20:28 - 2016-10-11 07:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-19 20:28 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-19 20:28 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-19 20:28 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-19 20:28 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-19 20:28 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-19 20:28 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-19 20:28 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-19 20:28 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-19 20:28 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-19 20:28 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-19 20:28 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-19 20:28 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-19 20:28 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-19 20:28 - 2016-10-11 05:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-19 20:28 - 2016-10-07 07:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-19 20:28 - 2016-10-07 07:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-19 20:28 - 2016-10-07 07:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-19 20:28 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-19 20:28 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-19 20:28 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-19 20:28 - 2016-10-05 06:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-19 20:28 - 2016-09-15 06:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-19 20:28 - 2016-09-13 07:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-19 20:28 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-19 20:28 - 2016-09-09 10:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-19 20:28 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-19 20:28 - 2016-08-22 08:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-19 20:22 - 2016-12-12 10:47 - 00000000 ____D C:\Users\janice\AppData\LocalLow\Mozilla
2016-11-19 20:21 - 2016-12-02 15:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-19 19:59 - 2016-11-19 19:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-11-19 19:59 - 2016-11-19 19:59 - 00000000 ____D C:\Windows\system32\appraiser
2016-11-18 13:57 - 2016-09-12 13:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-11-18 13:57 - 2016-09-12 12:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-11-18 13:57 - 2016-09-12 11:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-11-18 13:57 - 2016-09-12 10:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-11-18 13:57 - 2016-09-12 10:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-11-18 13:57 - 2016-09-08 12:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-11-18 13:57 - 2016-09-08 12:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-11-18 13:57 - 2016-09-08 12:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-11-18 13:57 - 2016-09-08 12:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-11-18 13:57 - 2016-09-08 06:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-11-18 13:57 - 2016-09-08 06:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-11-18 13:57 - 2016-08-12 09:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-11-18 13:57 - 2016-08-12 09:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-11-18 13:57 - 2016-08-12 09:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-11-18 13:57 - 2016-08-12 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-11-18 13:57 - 2016-08-12 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-11-18 13:57 - 2016-08-12 08:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-11-18 13:57 - 2016-08-12 08:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-11-18 13:57 - 2016-08-12 08:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-11-18 13:57 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-11-18 13:57 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-11-18 13:57 - 2016-08-12 08:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-11-18 13:57 - 2016-08-12 08:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-11-18 13:57 - 2016-08-12 08:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-11-18 13:57 - 2016-08-12 08:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-11-18 13:57 - 2016-08-06 07:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-11-18 13:57 - 2016-08-06 07:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-11-18 13:57 - 2016-08-06 07:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-11-18 13:57 - 2016-08-06 07:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-11-18 13:57 - 2016-08-06 07:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-11-18 13:57 - 2016-08-06 07:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-11-18 13:57 - 2016-08-06 07:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-11-18 13:57 - 2016-08-06 07:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-11-18 13:57 - 2016-08-06 07:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-11-18 13:57 - 2016-08-06 07:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-11-18 13:57 - 2016-08-06 07:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-11-18 13:57 - 2016-08-06 07:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-11-18 13:57 - 2016-08-06 07:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-11-18 13:57 - 2016-08-06 06:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-11-18 13:57 - 2016-08-06 06:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-11-18 13:57 - 2016-08-06 06:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-11-18 13:57 - 2016-06-14 09:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-11-18 13:57 - 2016-06-14 09:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-11-18 13:57 - 2016-06-14 09:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-11-18 13:57 - 2016-06-14 09:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-11-18 13:57 - 2016-06-14 07:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-11-18 13:57 - 2016-06-14 07:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-11-18 13:57 - 2016-06-14 07:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-11-18 13:57 - 2016-06-14 07:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-11-18 13:57 - 2016-06-14 07:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-11-18 13:57 - 2016-06-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-11-18 13:57 - 2016-06-14 07:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-11-18 13:57 - 2016-06-14 07:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-11-18 13:57 - 2016-06-14 07:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-11-18 13:56 - 2016-09-12 13:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-11-18 13:56 - 2016-09-12 13:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-11-18 13:56 - 2016-09-09 07:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-11-18 13:56 - 2016-09-09 07:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-11-18 13:56 - 2016-09-09 07:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-11-18 13:56 - 2016-09-09 07:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-11-18 13:56 - 2016-09-09 07:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-11-18 13:56 - 2016-09-09 07:54 - 00224256 _____ (Microsoft Corporation)
SanzFrancisco
Warrior


Joined: 23 Jun 2005
Last Visit: 18 Dec 2016
Posts: 145
Location: San Francisco

Posted: Mon Dec 12, 2016 11:21 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by janice (12-12-2016 11:00:10)
Running from E:\
Windows 7 Professional Service Pack 1 (X64) (2016-08-30 19:01:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2461060277-4132095866-587163546-500 - Administrator - Disabled)
Guest (S-1-5-21-2461060277-4132095866-587163546-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2461060277-4132095866-587163546-1003 - Limited - Enabled)
janice (S-1-5-21-2461060277-4132095866-587163546-1001 - Administrator - Enabled) => C:\Users\janice
UpdatusUser (S-1-5-21-2461060277-4132095866-587163546-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Power Management Driver (Version: 1.67.12.19 - Lenovo) Hidden
LibreOffice 5.2.3.3 (HKLM-x32\...\{30605C95-A3A0-4A08-AD58-9AE7ABA47B70}) (Version: 5.2.3.3 - The Document Foundation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.8.1.14 - Symantec Corporation)
NVIDIA 3D Vision Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation)
NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 34.7.35161 - Sonos, Inc.)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {037FE3B4-5AB7-4835-A753-07E1D5061D29} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {43747E13-78FA-4594-97EE-FC0873C11E72} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {63DBAC97-5422-4B72-85F5-0E4C01C92985} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {67AE343A-9F68-41FC-814B-3DEC03D2C219} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\WSCStub.exe [2016-11-11] (Symantec Corporation)
Task: {AD22A741-6369-4E4E-BC5E-0DFD379D6364} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Norton 360\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {C0D698C7-9F2C-4997-BA88-409AF4117396} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-11-11] (Symantec Corporation)
Task: {E28DD498-F415-4FF8-A739-12D3D091911A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-26 15:39 - 2013-10-28 16:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-01 11:58 - 2011-11-01 11:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2006-09-14 06:56 - 2006-09-14 06:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-22 14:14 - 2016-03-02 00:52 - 00102904 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2461060277-4132095866-587163546-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2461060277-4132095866-587163546-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\janice\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{191E7963-5651-461E-8D35-894F4E74DE26}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D6C1EF45-85D3-465B-9D15-865C6B397734}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6FA63EFF-01A3-443F-BC64-DC5644D51DBE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A87DB09-AF0C-4B4E-9A82-1D63E6D49F2A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35D0A62E-2274-4210-9D2A-F5C38BB36B3F}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{096EB9C3-8807-4524-9862-44C5FC29ADB1}] => LPort=2869
FirewallRules: [{61B81E25-8CD9-4086-A237-FDAF72A14BCA}] => LPort=1900
FirewallRules: [{500CFD40-E045-4449-8B1B-E9446E2DFA5B}] => C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{CDC2B228-867A-4662-A797-B29A74C86D5A}] => C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{254D7533-27E5-47F3-9CDA-10F249DFB16F}] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{0C3C18AE-D555-4AFA-8D17-24CB45F06BD0}] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{C1725D0C-E472-4019-9553-E456D7B54298}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B11CC455-85D7-467C-8E09-F290B15D0A63}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CEFE086B-9F66-4A34-8ADD-9695BF8BC670}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F732102D-69EB-4012-8667-AC87718D40E8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1640DA02-0BAA-4053-8BD7-211FD0A10BE9}] => C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

25-11-2016 14:48:17 Windows Update
29-11-2016 13:27:42 Windows Update
01-12-2016 10:28:40 JRT Pre-Junkware Removal
02-12-2016 15:09:17 Windows Update
06-12-2016 19:35:56 Windows Update
08-12-2016 01:40:42 Installed LibreOffice 5.2.3.3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2016 10:47:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/10/2016 10:54:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/09/2016 11:15:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/08/2016 12:25:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/07/2016 10:49:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/07/2016 08:57:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/07/2016 01:45:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/06/2016 07:30:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/05/2016 10:38:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/04/2016 11:17:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.18933, time stamp: 0x55a6a1d1
Exception code: 0xc0000005
Fault offset: 0x0000000000004e03
Faulting process id: 0xa58
Faulting application start time: 0x01d24e8cdd3c6546
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: d086a087-baba-11e6-8fdd-0021ccb7b1a6


System errors:
=============
Error: (12/12/2016 10:54:07 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/12/2016 10:54:06 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/12/2016 10:54:06 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/12/2016 10:54:05 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/12/2016 10:46:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (12/11/2016 03:25:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/10/2016 07:48:56 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/10/2016 10:54:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (12/09/2016 11:15:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.

Error: (12/08/2016 12:25:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lenovo Platform Service service to connect.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 28%
Total physical RAM: 8075.23 MB
Available physical RAM: 5796.19 MB
Total Virtual: 16148.65 MB
Available Virtual: 13844.96 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:460.76 GB) (Free:363.61 GB) NTFS
Drive e: (LEXAR) (Removable) (Total:3.73 GB) (Free:3.71 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Cool (Size: 465.8 GB) (Disk ID: 882E9E75)
Partition 1: (Active) - (Size=5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=460.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

==================== End of Addition.txt ============================
SanzFrancisco
Warrior


Joined: 23 Jun 2005
Last Visit: 18 Dec 2016
Posts: 145
Location: San Francisco

Posted: Mon Dec 12, 2016 12:41 pm

ESET......is this all there is to it??

C:\Users\janice\Downloads\ccsetup523.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 23 Aug 2017
Posts: 10182
Location: Yorkshire

Posted: Mon Dec 12, 2016 2:23 pm

Part of your FRST.txt log has been cut short by the forum post size limiter, so I'll need you to post me the missing part.

Please post the section starting from ....

Quote:
2016-11-18 13:56 - 2016-09-09 07:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-11-18 13:56 - 2016-09-09 07:54 - 00224256 _____ (Microsoft Corporation)


.... till the end of the log.

No need to post anything else.

Oh, and in answer to your question about ESET, if that's all it found, then yes, that's all there will be in the log.
_________________
Gary R Administrator at Malware Removal University


SanzFrancisco
Warrior


Joined: 23 Jun 2005
Last Visit: 18 Dec 2016
Posts: 145
Location: San Francisco

Posted: Mon Dec 12, 2016 3:29 pm

Hope it fits
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 10:58 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-12 10:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-12 10:54 - 2009-07-13 20:45 - 00021744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-12 10:54 - 2009-07-13 20:45 - 00021744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-12 10:46 - 2015-09-26 15:40 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-12 10:46 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-11 21:29 - 2016-09-17 13:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-11 14:39 - 2016-09-14 10:36 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-12-10 12:37 - 2016-10-17 12:16 - 00001960 _____ C:\Users\Public\Desktop\Sonos.lnk
2016-12-10 12:37 - 2016-10-17 12:16 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2016-12-10 12:37 - 2016-10-17 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2016-12-10 12:37 - 2016-10-17 12:16 - 00000000 ____D C:\Program Files (x86)\Sonos
2016-12-10 12:37 - 2016-10-17 12:15 - 00000000 ____D C:\Users\janice\AppData\Local\Downloaded Installations
2016-12-08 12:27 - 2015-09-26 15:40 - 00000000 ____D C:\Users\UpdatusUser
2016-12-07 22:48 - 2016-08-30 12:44 - 00000000 ____D C:\Windows\Minidump
2016-12-07 22:42 - 2016-09-12 16:24 - 00000000 ____D C:\Users\janice\AppData\Local\Windows Live
2016-12-03 10:40 - 2016-11-07 02:10 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-02 15:02 - 2016-08-30 12:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-01 10:31 - 2014-05-22 08:39 - 00000000 ____D C:\Windows\Panther
2016-11-28 13:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-23 09:54 - 2009-07-13 21:08 - 00030912 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-22 11:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-11-20 12:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2016-11-19 21:08 - 2016-09-17 11:12 - 00002498 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-11-19 21:08 - 2016-09-07 20:02 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-11-19 21:08 - 2016-08-30 14:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-11-19 21:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-11-19 20:39 - 2016-09-12 17:25 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-19 20:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-11-19 19:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Dism
2016-11-18 13:34 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-15 13:37 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2016-08-30 11:01 - 2013-01-11 14:13 - 0022464 _____ (Intel Corporation) C:\Users\janice\AppData\Roaming\JomCap.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 17:09

==================== End of FRST.txt ============================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 23 Aug 2017
Posts: 10182
Location: Yorkshire

Posted: Mon Dec 12, 2016 3:44 pm

It's getting on for midnight where I am, so it will be tomorrow before I've had chance to go through your logs fully.

Talk to you then.
_________________
Gary R Administrator at Malware Removal University


Gary R

Posted: Tue Dec 13, 2016 1:57 am

OK, let's deal with what we've found, and see if that gets us anywhere.

Don't forget to disconnect from the Internet, and disable Norton, or it may interfere with what we're trying to do.

First ...

If you haven't already done so ...


  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.


Next ...


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy/Paste the contents of the code box below into Notepad (don't include Code:).


Code:
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-12-01] (Kingsoft Corporation)
2016-12-01 10:30 - 2016-12-01 10:30 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2016-12-01 10:30 - 2016-12-01 10:30 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2016-12-01 10:30 - 2016-12-01 10:30 - 00000000 ____D C:\ProgramData\Kingsoft
C:\Users\janice\Downloads\ccsetup523.exe
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns



    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt



NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log



Summary of the logs I need from you in your next post:

  • ADWCleaner log
  • Fixlist.txt
  • Please let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

Don't forget to re-enable Norton before reconnecting to the internet.


SanzFrancisco

Posted: Wed Dec 14, 2016 1:30 pm

# AdwCleaner v6.040 - Logfile created 14/12/2016 at 13:25:36
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-09.3 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : janice - HAZEL
# Running from : C:\Users\janice\Downloads\AdwCleaner(1).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2461060277-4132095866-587163546-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-2461060277-4132095866-587163546-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.download.lastDir" - "C:\\Users\\janice\\Desktop"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._eiMembers_.BUTTON_STRUCTURE" - "[{\"b\":224261750,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224261751,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0\"},{\"b\":224261753,\"c\":\"mindspark.full\",\"p\":\"L.0.1\"},{\"b\":224261757,\"c\":\"mindspark.imagesearch\",\"p\":\"L.0.2\"},{\"b\":224261760,\"c\":\"mindspark.advanced\",\"p\":\"L.0.3\"},{\"b\":224261763,\"c\":\"mindspark.directorysearch\",\"p\":\"L.0.4\"},{\"b\":224261674,\"c\":\"mindspark.search\",\"p\":\"L.1\"},{\"b\":230292040,\"v\":\"1.1.13\",\"p\":\"L.2\"},{\"b\":224261687,\"c\":\"mindspark.product\",\"p\":\"L.3\"},{\"b\":224261688,\"c\":\"mindspark.notspyware\",\"p\":\"L.3.0\"},{\"b\":224261695,\"c\":\"mindspark.help\",\"p\":\"L.3.1\"},{\"b\":224261701,\"c\":\"mindspark.version\",\"p\":\"L.3.2\"},{\"b\":224261886,\"c\":\"mindspark.recipesearch\",\"v\":\"1.0.6\",\"p\":\"L.4\"},{\"b\":224261710,\"c\":\"mindspark.dailyrecipewidget\",\"p\":\"L.5\"},{\"b\":226183733,\"c\":\"mindspark.newrecipes\",\"v\":\"1.2.3\",\"p\":\"L.6\"},{\"b\":226183732,\"c\":\"mindspark.healthymeals\",\"v\":\"1.2.3\",\"p\":\"L.7\"},{\"b\":226183735,\"c\":\"mindspark.desserts\",\"v\":\"1.2.3\",\"p\":\"L.8\"},{\"b\":231756801,\"c\":\"mindspark.menuplanner\",\"p\":\"L.9\"},{\"b\":224261719,\"c\":\"mindspark.radio\",\"v\":\"1.0.3\",\"p\":\"L.10\"},{\"b\":225852321,\"c\":\"mindspark.facebook\",\"p\":\"L.11\"},{\"b\":224261767,\"c\":\"mindspark.wrench\",\"p\":\"R.0\"}]"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._eiMembers_.lssState" - "{\"previousLocales\":[\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"es\",\"pt\",\"ja\",\"en\"],\"defaultLocale\":\"en\",\"supportedLocale\":\"en\",\"previousLocale\":\"en\"}"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._eiMembers_.uninstallTasks" - "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._eiMembers_.\"],\"filesToDelete\":[\"C:\\\\Users\\\\janice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5ymdywzm.default\\\\100sofRecipes_ei\\\\3394F1E5-420A-4819-B952-64461A31D124.sqlite\",\"C:\\\\Users\\\\janice\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5ymdywzm.default\\\\100sofRecipes_ei\"]}"
[-] Chrome preferences cleaned: "media.webrtc.debug.log_file" - "C:\\Users\\janice\\AppData\\Local\\Temp\\WebRTC.log"
[-] Chrome preferences cleaned: "services.sync.client.name" - "janice's Firefox on Hazel"


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4149 Bytes] - [14/12/2016 13:25:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [2959 Bytes] - [09/12/2016 23:28:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [3031 Bytes] - [10/12/2016 11:20:16]
C:\AdwCleaner\AdwCleaner[S2].txt - [3107 Bytes] - [14/12/2016 13:24:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4441 Bytes] ##########

SanzFrancisco
Warrior

Posted: Wed Dec 14, 2016 1:42 pm

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by janice (14-12-2016 13:48:07) Run:1
Running from E:\
Loaded Profiles: UpdatusUser & janice (Available Profiles: UpdatusUser & janice)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-12-01] (Kingsoft Corporation)
2016-12-01 10:30 - 2016-12-01 10:30 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2016-12-01 10:30 - 2016-12-01 10:30 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2016-12-01 10:30 - 2016-12-01 10:30 - 00000000 ____D C:\ProgramData\Kingsoft
C:\Users\janice\Downloads\ccsetup523.exe
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
*****************

"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
ksapi64 => service removed successfully
C:\Windows\system32\Drivers\ksapi.sys => moved successfully
C:\Windows\system32\Drivers\ksapi64.sys => moved successfully
C:\ProgramData\Kingsoft => moved successfully
C:\Users\janice\Downloads\ccsetup523.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6945859 B
Java, Flash, Steam htmlcache => 2083 B
Windows/system/drivers => 7140 B
Edge => 0 B
Chrome => 8742790 B
Firefox => 439080688 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 118932 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66088 B
LocalService => 66228 B
NetworkService => 74383 B
UpdatusUser => 61049 B
janice => 219373109 B

RecycleBin => 20267901 B
EmptyTemp: => 726.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:48:18 ====

SanzFrancisco
Warrior

Posted: Wed Dec 14, 2016 1:56 pm

Not totally sure how this machine is running. Give me a day or so, and I'll let you know. Okay?

Gary R
Moderator

Posted: Thu Dec 15, 2016 12:22 am

No problem ...... I'll talk to you in a few days' time then.
_________________
Gary R Administrator at Malware Removal University


If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations

SanzFrancisco
Warrior

Posted: Sat Dec 17, 2016 10:32 pm

Hey Gary, everything seems to be running well for the most part. I am having trouble with Ad aware, which works well with my desktop. Every time I try to add it to Firefox here, the addition is confirmed, but the icon never shows up. Is this reasonable, or is something still wrong?

Gary R
Moderator

Posted: Sat Dec 17, 2016 11:31 pm

To be honest, I no longer recommend AdAware; the defence it offers against modern malware is minimal, and its ability to fully remove modern infections is not as good as other freely available alternatives.

IMO Malwarebytes is a better alternative ... https://www.malwarebytes.com/

The free version does not offer real time protection (beyond the 14 day trial period) but the scanner remains effective beyond the trial period, and can be run manually. It is generally very good at removing anything it finds.

Your AV (Norton) will normally alert you if it detects anything, so having additional real time protection from an anti-malware program is not actually essential, and the free version of Malwarebytes is adequate for most people's needs; you just run a scan manually whenever you have concerns you might be infected (or once a week if that gives you reassurance).

If you wish to stick with AdAware, and you are having problems with it, then they do have a support forum ... http://www.lavasoftsupport.com/ ... where I'm sure they'll be able to address any problems you might be having with their product.

SanzFrancisco
Warrior

Posted: Sun Dec 18, 2016 3:41 pm

Thanks again Gary. I only use Ad aware to block ads, and it has always worked very well on my desktop. Nevertheless, I have taken a good amount of your time, and I appreciate it very much. You can end this thread, and I will contact the site again if I need to.

I did contribute.
Cheers,
janice

Gary R
Moderator

Posted: Sun Dec 18, 2016 10:10 pm

If you wish to block ads whilst you're browsing, try installing uBlock Origin ... https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ ... in Firefox.

I use it in preference to AdBlock (another ad-blocking Firefox add-on) because it's generally less demanding on resources, yet I've found it to be every bit as effective.

Glad to hear you're no longer having problems. Thanks for letting me know; I'll close the topic.

Thanks for the donation, it is much appreciated.

This topic is now closed.

All times are GMT - 8 Hours