Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

2 crashes for no apparent reason

 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal
View previous topic :: View next topic  
Author Message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Tue Mar 08, 2016 1:28 am    Post subject: 2 crashes for no apparent reason Reply with quote

Hi Friends,
Windows 7, 64-bit, sp1, updated as of last week.
ESET 9.0.318.0 (firewall and av)

On March 6, my computer crashed for no apparent reason. I saved the details which Windows provides, and I'll paste it in below. Then a few minutes ago, it crashed again.

I'm not sure if this is going to sound weird or not, but the only "symptoms" I have are related to my mouse. I saw the topic about what you can do to help a slow running computer. But it's only the mouse that gets slow. If I click to open windows or post a message, there is no delay.

The mouse freezes up for a few seconds to a few minutes. At times, it works normally, but then it will go through a time when it freezes up repeatedly. Usually the computer fan is running, or I can hear the drive working, when it starts freezing. Eventually, the crash comes.

I actually don't know if this could be malware related. I practice safe browsing as I understand it. But it seems like the first thing I should check, before I consider more drastic potential problems.

I use an external touchpad mouse (Cirque/GlidePoint). I uninstalled and reinstalled it's software. And I exchanged the mouse I was using when it crashed on the 6th, with an older mouse that I keep around for emergencies (such as if the current one breaks). But now I've had the 2nd crash.

I can't think of anything else to say, so here comes the requested files. And below them, I'll paste the info from the crash reports.

Thank you very much,
brynn

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18205
Run by Jill Davis at 1:53:31 on 2016-03-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.1925 [GMT -7:00]
.
AV: ESET Smart Security 9.0.318.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: ESET Smart Security 9.0.318.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Games\iWin Games Manager\iWinTrusted.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Efficient Calendar\Efficient Calendar Free\EfficientCalendarFree.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://forum.inkscapecommunity.com/index.php
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com/intl/en/options/
uProxyServer = localhost:21320
mWinlogon: Userinit = userinit.exe,
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [EfficientCalendarFree] <no file>
StartupFolder: C:\Users\JILLDA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFFICI~1.LNK - C:\Program Files (x86)\Efficient Calendar\Efficient Calendar Free\EfficientCalendarFree.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: //irc.freenode.net/#scribus
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} - hxxps://lojackforlaptops.absolute.com/ctmweb/testoc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{4A1992CA-68B4-4261-89A2-B987A264CA05} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
FF - prefs.js: browser.startup.homepage - hxxp://forum.inkscapecommunity.com/index.php
FF - prefs.js: keyword.URL - hxxps://startpage.com/do/search?language=english&cat=web&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jill Davis\AppData\Roaming\JPLNASAVTAD\NASAEyes\1.0.0.0\npNASAEyes.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2015-7-30 69840]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-27 55280]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-3-25 18792]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-12-31 1263200]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2015-7-30 264040]
R1 EpfwLWF;ESET Personal Firewall;C:\Windows\System32\drivers\EpfwLWF.sys [2015-7-30 52872]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2015-11-17 13768]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-2 89600]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-31 3246040]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-2 202752]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2015-10-9 2505472]
R2 GlidePoint;GlidePoint Touchpad Client;C:\Program Files\GlidePoint\glidesvc.exe [2009-6-4 256296]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-3-25 60928]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\Games\iWin Games Manager\iWinTrusted.exe [2009-9-2 78104]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-2-26 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-2-26 80896]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-2-26 55808]
R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-12-19 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-12-19 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-12-19 171928]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-5-2 2320920]
R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-2-26 23912]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-12-31 285280]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-25 172704]
R3 glideusb;GlidePoint USB Touchpad Filter;C:\Windows\System32\drivers\glideusb.sys [2011-3-28 109480]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-26 56344]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-25 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-25 79360]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-3-2 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-2 151040]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-23 19456]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-3-25 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-13 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-30 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 ekbdflt;ekbdflt;C:\Windows\System32\drivers\ekbdflt.sys [2015-10-7 142976]
.
=============== Created Last 30 ================
.
2016-03-08 02:42:16 -------- d-----w- C:\Program Files\GlidePoint
2016-03-08 02:07:32 11249080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BDFFB13-61E9-47F9-AF3F-5A3C5D4C97C3}\mpengine.dll
2016-03-03 01:21:34 624640 ----a-w- C:\Windows\System32\qedit.dll
2016-03-03 01:20:53 210432 ----a-w- C:\Windows\System32\aepic.dll
2016-03-03 01:19:38 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2016-03-03 01:18:32 802304 ----a-w- C:\Windows\System32\usp10.dll
2016-03-03 01:18:32 627712 ----a-w- C:\Windows\SysWow64\usp10.dll
2016-03-03 01:18:20 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2016-03-03 01:18:09 241664 ----a-w- C:\Windows\System32\els.dll
2016-03-03 01:18:09 179712 ----a-w- C:\Windows\SysWow64\els.dll
2016-02-22 13:26:39 -------- d-----w- C:\Users\Jill Davis\AppData\Roaming\LibreOffice
2016-02-22 13:23:15 -------- d-----w- C:\Program Files (x86)\LibreOffice 5
.
==================== Find3M ====================
.
2016-03-08 07:47:53 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2016-03-08 07:47:51 78032 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2016-02-14 08:07:23 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-02-14 08:07:22 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-06 10:32:57 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-02-06 10:10:21 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-02-06 09:54:50 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-02-06 09:37:23 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-01-22 06:56:05 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-01-22 06:41:35 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-01-22 06:40:50 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-01-22 06:40:43 417792 ----a-w- C:\Windows\System32\html.iec
2016-01-22 06:40:13 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-01-22 06:40:12 571904 ----a-w- C:\Windows\System32\vbscript.dll
2016-01-22 06:29:43 6052352 ----a-w- C:\Windows\System32\jscript9.dll
2016-01-22 06:27:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-01-22 06:27:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-01-22 06:27:10 5573056 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-01-22 06:27:08 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-01-22 06:27:08 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-01-22 06:24:12 1733592 ----a-w- C:\Windows\System32\ntdll.dll
2016-01-22 06:20:53 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-01-22 06:20:53 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-01-22 06:20:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-01-22 06:20:36 215040 ----a-w- C:\Windows\System32\winsrv.dll
2016-01-22 06:20:33 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-01-22 06:20:31 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-01-22 06:20:20 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-01-22 06:20:10 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-01-22 06:20:10 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-01-22 06:20:08 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-01-22 06:20:08 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-01-22 06:19:06 28160 ----a-w- C:\Windows\System32\secur32.dll
2016-01-22 06:19:04 344064 ----a-w- C:\Windows\System32\schannel.dll
2016-01-22 06:19:02 1214464 ----a-w- C:\Windows\System32\rpcrt4.dll
2016-01-22 06:18:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2016-01-22 06:18:49 723968 ----a-w- C:\Windows\System32\EncDec.dll
2016-01-22 06:18:32 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2016-01-22 06:17:03 312320 ----a-w- C:\Windows\System32\ncrypt.dll
2016-01-22 06:17:01 159744 ----a-w- C:\Windows\System32\mtxoci.dll
2016-01-22 06:17:00 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2016-01-22 06:16:55 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-01-22 06:16:39 146432 ----a-w- C:\Windows\System32\msaudite.dll
2016-01-22 06:16:00 1461248 ----a-w- C:\Windows\System32\lsasrv.dll
2016-01-22 06:15:31 730112 ----a-w- C:\Windows\System32\kerberos.dll
2016-01-22 06:15:31 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2016-01-22 06:13:15 3993536 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-01-22 06:13:15 3938752 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-01-22 06:13:06 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2016-01-22 06:13:04 43520 ----a-w- C:\Windows\System32\cryptbase.dll
2016-01-22 06:13:03 22016 ----a-w- C:\Windows\System32\credssp.dll
2016-01-22 06:09:40 1314328 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-01-22 06:09:06 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-01-22 06:06:50 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-01-22 06:06:50 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-01-22 06:06:50 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2016-01-22 06:06:50 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-01-22 06:06:30 171520 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-01-22 06:06:19 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-01-22 06:06:11 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2016-01-22 06:05:27 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-01-22 06:05:20 251392 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-01-22 06:04:36 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2016-01-22 06:04:36 535040 ----a-w- C:\Windows\SysWow64\EncDec.dll
2016-01-22 06:02:58 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-01-22 06:02:56 114176 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2016-01-22 06:02:55 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-01-22 06:02:52 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
2016-01-22 06:02:49 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-01-22 06:02:26 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-01-22 06:02:01 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-01-22 06:02:01 496640 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-01-22 06:02:00 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-01-22 06:01:26 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-01-22 06:01:17 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-01-22 06:00:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-01-22 05:51:37 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-01-22 05:46:10 2123264 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-01-22 05:46:00 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-01-22 05:39:38 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-01-22 05:35:15 4611072 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-01-22 05:31:43 2597376 ----a-w- C:\Windows\System32\wininet.dll
2016-01-22 05:24:59 2050560 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-01-22 05:24:40 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-01-22 05:13:56 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-01-22 05:07:28 2120704 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-01-22 05:07:16 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-01-22 05:07:09 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-01-22 05:05:44 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-01-22 04:59:53 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-01-22 04:58:52 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-01-22 04:58:46 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-01-22 04:57:17 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-01-22 04:57:09 112640 ----a-w- C:\Windows\System32\smss.exe
2016-01-22 04:53:59 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-01-22 04:53:56 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-01-22 04:53:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-01-22 04:53:55 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-01-22 04:51:55 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-01-22 04:51:40 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
.
============= FINISH: 1:54:21.69 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/27/2010 4:22:05 PM
System Uptime: 3/8/2016 12:46:45 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0874P6
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | U2E1 | 1184/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 204.732 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP559: 1/30/2016 12:10:51 AM - Scheduled Checkpoint
RP560: 2/22/2016 6:20:34 AM - Installed LibreOffice 5.0.5.2
RP561: 2/22/2016 6:28:19 AM - Removed OpenOffice.org 3.2
RP562: 2/29/2016 7:07:54 PM - Windows Update
RP563: 3/2/2016 6:22:59 PM - Windows Update
RP564: 3/7/2016 7:06:48 PM - Windows Update
RP565: 3/7/2016 7:36:21 PM - Removed GlidePoint® Touchpad Driver 3 (64-bit)
RP566: 3/7/2016 7:41:25 PM - Installed GlidePoint® Touchpad Driver 3 (64-bit)
.
==== Hosts File Hijack ======================
.
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
Hosts: 0.0.0.0 static.a-ads.com
Hosts: 0.0.0.0 atlas.aamedia.ro
Hosts: 0.0.0.0 abcstats.com
Hosts: 0.0.0.0 ad4.abradio.cz
Hosts: 0.0.0.0 a.abv.bg
Hosts: 0.0.0.0 adserver.abv.bg
Hosts: 0.0.0.0 adv.abv.bg
Hosts: 0.0.0.0 bimg.abv.bg
Hosts: 0.0.0.0 ca.abv.bg
Hosts: 0.0.0.0 track.acclaimnetwork.com
Hosts: 0.0.0.0 accuserveadsystem.com
Hosts: 0.0.0.0 www.accuserveadsystem.com
Hosts: 0.0.0.0 achmedia.com
Hosts: 0.0.0.0 csh.actiondesk.com
Hosts: 0.0.0.0 ads.activepower.net
Hosts: 0.0.0.0 app.activetrail.com
Hosts: 0.0.0.0 stat.active24stats.nl
Hosts: 0.0.0.0 traffic.acwebconnecting.com
Hosts: 0.0.0.0 office.ad1.ru
Hosts: 0.0.0.0 cms.ad2click.nl
Hosts: 0.0.0.0 ad2games.com
Hosts: 0.0.0.0 ads.ad2games.com
Hosts: 0.0.0.0 content.ad20.net
Hosts: 0.0.0.0 core.ad20.net
Hosts: 0.0.0.0 banner.ad.nu
Hosts: 0.0.0.0 adadvisor.net
Hosts: 0.0.0.0 tag1.adaptiveads.com
Hosts: 0.0.0.0 www.adbanner.ro
Hosts: 0.0.0.0 wad.adbasket.net
Hosts: 0.0.0.0 ad.pop1.adbn.ru
Hosts: 0.0.0.0 ad.top1.adbn.ru
Hosts: 0.0.0.0 ad.rich1.adbn.ru
Hosts: 0.0.0.0 adbox.hu
Hosts: 0.0.0.0 james.adbutler.de
Hosts: 0.0.0.0 www.adbutler.de
Hosts: 0.0.0.0 tw1.adbutler.us
Hosts: 0.0.0.0 www.adchimp.com
Hosts: 0.0.0.0 static.adclick.lt
Hosts: 0.0.0.0 engine.adclick.lv
Hosts: 0.0.0.0 show.adclick.lv
Hosts: 0.0.0.0 static.adclick.lv
Hosts: 0.0.0.0 www.adclick.lv
Hosts: 0.0.0.0 ad-clix.com
Hosts: 0.0.0.0 www.ad-clix.com
Hosts: 0.0.0.0 servedby.adcombination.com
Hosts: 0.0.0.0 adcomplete.com
Hosts: 0.0.0.0 www.adcomplete.com
Hosts: 0.0.0.0 adcore.ru
Hosts: 0.0.0.0 pixel.adcrowd.com
Hosts: 0.0.0.0 ct1.addthis.com
Hosts: 0.0.0.0 static.uk.addynamo.com
Hosts: 0.0.0.0 server.adeasy.ru
Hosts: 0.0.0.0 pt.server1.adexit.com
Hosts: 0.0.0.0 www.adexit.com
Hosts: 0.0.0.0 s.adexpert.cz
Hosts: 0.0.0.0 222-33544_999.pub.adfirmative.com
Hosts: 0.0.0.0 c.adfirmative.com
Hosts: 0.0.0.0 www.adfirmative.com
Hosts: 0.0.0.0 adfocus.ru
Hosts: 0.0.0.0 adx.adform.net
Hosts: 0.0.0.0 s1.adform.net
Hosts: 0.0.0.0 server.adform.net
Hosts: 0.0.0.0 track.adform.net
Hosts: 0.0.0.0 server.adformdsp.net
Hosts: 0.0.0.0 adforce.ru
Hosts: 0.0.0.0 ads.adfox.ru
Hosts: 0.0.0.0 gazeta.adfox.ru
Hosts: 0.0.0.0 p.adframesrc.com
Hosts: 0.0.0.0 s.adframesrc.com
Hosts: 0.0.0.0 media.adfrontiers.com
Hosts: 0.0.0.0 astw.adgear.com
Hosts: 0.0.0.0 dstw.adgear.com
Hosts: 0.0.0.0 www.adgitize.com
Hosts: 0.0.0.0 code.ad-gbn.com
Hosts: 0.0.0.0 www.ad-groups.com
Hosts: 0.0.0.0 adhall.com
Hosts: 0.0.0.0 pool.adhese.be
Hosts: 0.0.0.0 adhitzads.com
Hosts: 0.0.0.0 ads.static.adhood.com
Hosts: 0.0.0.0 app.pubserver.adhood.com
Hosts: 0.0.0.0 app.winwords.adhood.com
Hosts: 0.0.0.0 ssl3.adhost.com
Hosts: 0.0.0.0 www2.adhost.com
Hosts: 0.0.0.0 adfarm1.adition.com
Hosts: 0.0.0.0 imagesrv.adition.com
Hosts: 0.0.0.0 ad.adition.net
Hosts: 0.0.0.0 hosting.adjug.com
Hosts: 0.0.0.0 tracking.adjug.com
Hosts: 0.0.0.0 aj.adjungle.com
Hosts: 0.0.0.0 rotator.hadj7.adjuggler.net
Hosts: 0.0.0.0 thewrap.rotator.hadj7.adjuggler.net
Hosts: 0.0.0.0 yorick.adjuggler.net
Hosts: 0.0.0.0 adsearch.adkontekst.pl
Hosts: 0.0.0.0 stat.adlabs.ru
Hosts: 0.0.0.0 d.tds.adlabs.ru
Hosts: 0.0.0.0 www.adlantis.jp
Hosts: 0.0.0.0 publicidad.adlead.com
Hosts: 0.0.0.0 www.adlimg03.com
Hosts: 0.0.0.0 regio.adlink.de
Hosts: 0.0.0.0 west.adlink.de
Hosts: 0.0.0.0 rc.de.adlink.net
Hosts: 0.0.0.0 tr.de.adlink.net
Hosts: 0.0.0.0 adloyal.pl
Hosts: 0.0.0.0 n.admagnet.net
Hosts: 0.0.0.0 ads3.adman.gr
Hosts: 0.0.0.0 gazzetta.adman.gr
Hosts: 0.0.0.0 r2d2.adman.gr
Hosts: 0.0.0.0 talos.adman.gr
Hosts: 0.0.0.0 adman.in.gr
Hosts: 0.0.0.0 admarket.cz
Hosts: 0.0.0.0 www.admarket.cz
Hosts: 0.0.0.0 bridge.ame.admarketplace.net
Hosts: 0.0.0.0 bridge.sf.admarketplace.net
Hosts: 0.0.0.0 a1.admaster.net
Hosts: 0.0.0.0 img.admaster.net
Hosts: 0.0.0.0 admedien.com
Hosts: 0.0.0.0 www.admedien.com
Hosts: 0.0.0.0 apps.admission.net
Hosts: 0.0.0.0 appcache.admission.net
Hosts: 0.0.0.0 dt.admission.net
Hosts: 0.0.0.0 view.admission.net
Hosts: 0.0.0.0 www.ad.admitad.com
Hosts: 0.0.0.0 ad.admixer.net
Hosts: 0.0.0.0 cdn.admixer.net
Hosts: 0.0.0.0 ads.admodus.com
Hosts: 0.0.0.0 run.admost.com
Hosts: 0.0.0.0 assets3.admulti.com
Hosts: 0.0.0.0 go.admulti.com
Hosts: 0.0.0.0 s.admulti.com
Hosts: 0.0.0.0 ads.adnet.am
Hosts: 0.0.0.0 ad.adnet.biz
Hosts: 0.0.0.0 adnet.com.ua
Hosts: 0.0.0.0 delivery.adnetwork.vn
Hosts: 0.0.0.0 img.adnet.com.tr
Hosts: 0.0.0.0 www.ad-net.co.uk
Hosts: 0.0.0.0 adnext.fr
Hosts: 0.0.0.0 cdn.adnotch.com
Hosts: 0.0.0.0 ad.adnow.com
Hosts: 0.0.0.0 tt11.adobe.com
Hosts: 0.0.0.0 ace.adoftheyear.com
Hosts: 0.0.0.0 ad01.adonspot.com
Hosts: 0.0.0.0 ad02.adonspot.com
Hosts: 0.0.0.0 ads.adoptio.net
Hosts: 0.0.0.0 adperium.com
Hosts: 0.0.0.0 adk2.adperium.com
Hosts: 0.0.0.0 www.adperium.com
Hosts: 0.0.0.0 img.adplan-ds.com
Hosts: 0.0.0.0 res.adplus.co.id
Hosts: 0.0.0.0 e.adpower.bg
Hosts: 0.0.0.0 ab.adpro.com.ua
Hosts: 0.0.0.0 adpublimo.com
Hosts: 0.0.0.0 system.adquick.nl
Hosts: 0.0.0.0 pop.adrent.net
Hosts: 0.0.0.0 adroll.com
Hosts: 0.0.0.0 rtt.adrolays.de
Hosts: 0.0.0.0 n.ads1-adnow.com
Hosts: 0.0.0.0 n.ads2-adnow.com
Hosts: 0.0.0.0 n.ads3-adnow.com
Hosts: 0.0.0.0 vu.adschoom.com
Hosts: 0.0.0.0 p78878.adskape.ru
Hosts: 0.0.0.0 map2.adsniper.ru
Hosts: 0.0.0.0 n5.adshostnet.com
Hosts: 0.0.0.0 f-nod2.adsniper.ru
Hosts: 0.0.0.0 content.adspynet.com
Hosts: 0.0.0.0 engine.adspynet.com
Hosts: 0.0.0.0 ads.adsurve.com
Hosts: 0.0.0.0 www.adsurve.com
Hosts: 0.0.0.0 cntr.adrime.com
Hosts: 0.0.0.0 images.adrime.com
Hosts: 0.0.0.0 ad.adriver.ru
Hosts: 0.0.0.0 content.adriver.ru
Hosts: 0.0.0.0 ssp.adriver.ru
Hosts: 0.0.0.0 r.adrolays.de
Hosts: 0.0.0.0 adrotate.se
Hosts: 0.0.0.0 www.adrotate.net
Hosts: 0.0.0.0 serv.ad-rotator.com
Hosts: 0.0.0.0 ads-bg.info
Hosts: 0.0.0.0 delivery.ads-creativesyndicator.com
Hosts: 0.0.0.0 adsafiliados.com.br
Hosts: 0.0.0.0 ad.adsafiliados.com.br
Hosts: 0.0.0.0 v2.adsbookie.com
Hosts: 0.0.0.0 rh.adscale.de
Hosts: 0.0.0.0 assets.adtaily.com
Hosts: 0.0.0.0 viewster-service.adtelligence.de
Hosts: 0.0.0.0 adtgs.com
Hosts: 0.0.0.0 fusion.adtoma.com
Hosts: 0.0.0.0 engage2.advanstar.com
Hosts: 0.0.0.0 ds.advg.jp
Hosts: 0.0.0.0 m.adx.bg
Hosts: 0.0.0.0 www.adshost2.com
Hosts: 0.0.0.0 js.adscale.de
Hosts: 0.0.0.0 ih.adscale.de
Hosts: 0.0.0.0 adscendmedia.com
Hosts: 0.0.0.0 adservicedomain.info
Hosts: 0.0.0.0 adserver-voice-online.co.uk
Hosts: 0.0.0.0 adsfac.net
Hosts: 0.0.0.0 adsgangsta.com
Hosts: 0.0.0.0 n8.adshostnet.com
Hosts: 0.0.0.0 adsfac.eu
Hosts: 0.0.0.0 ad.ad-srv.net
Hosts: 0.0.0.0 www.adshot.de
Hosts: 0.0.0.0 f-nod1.adsniper.ru
Hosts: 0.0.0.0 sync2.adsniper.ru
Hosts: 0.0.0.0 cdn6.adspirit.de
Hosts: 0.0.0.0 www.adspace.be
Hosts: 0.0.0.0 adsplius.lt
Hosts: 0.0.0.0 ads.adsponse.de
Hosts: 0.0.0.0 openx.adtext.ro
Hosts: 0.0.0.0 ads.adtiger.de
Hosts: 0.0.0.0 www.adtiger.de
Hosts: 0.0.0.0 ad.adtoma.com
Hosts: 0.0.0.0 au-01.adtomafusion.com
Hosts: 0.0.0.0 bn-01.adtomafusion.com
Hosts: 0.0.0.0 adv.adtotal.pl
Hosts: 0.0.0.0 dot.adtotal.pl
Hosts: 0.0.0.0 rek.adtotal.pl
Hosts: 0.0.0.0 www.adtrade.net
Hosts: 0.0.0.0 www.adtrader.com
Hosts: 0.0.0.0 adtradr.com
Hosts: 0.0.0.0 ads.adtube.de
Hosts: 0.0.0.0 www.adultbanners.co.uk
Hosts: 0.0.0.0 www.adultcommercial.net
Hosts: 0.0.0.0 adultmoneymakers.com
Hosts: 0.0.0.0 tracking.adultsense.com
Hosts: 0.0.0.0 www.adult-tracker.de
Hosts: 0.0.0.0 ad.aduserver.com
Hosts: 0.0.0.0 adv758968.ru
Hosts: 0.0.0.0 advaction.ru
Hosts: 0.0.0.0 euroad1.advantage.as
Hosts: 0.0.0.0 mf.advantage.as
Hosts: 0.0.0.0 mfad1.advantage.as
Hosts: 0.0.0.0 adve.net
Hosts: 0.0.0.0 ad.adver.com.tw
Hosts: 0.0.0.0 apps.advertlets.com
Hosts: 0.0.0.0 www.advertlets.com
Hosts: 0.0.0.0 ads.advertise.net
Hosts: 0.0.0.0 www.advertsponsor.com
Hosts: 0.0.0.0 advertisingpurchase.com
Hosts: 0.0.0.0 ad.adverticum.net
Hosts: 0.0.0.0 img.adverticum.net
Hosts: 0.0.0.0 imgs.adverticum.net
Hosts: 0.0.0.0 www.advertising365.com
Hosts: 0.0.0.0 titan.advertserve.com
Hosts: 0.0.0.0 ad.advertstream.com
Hosts: 0.0.0.0 usas1.advfn.com
Hosts: 0.0.0.0 images.adviews.de
Hosts: 0.0.0.0 www.adviews.de
Hosts: 0.0.0.0 ad.adview.pl
Hosts: 0.0.0.0 adp.adview.pl
Hosts: 0.0.0.0 bi.adview.pl
Hosts: 0.0.0.0 advizi.ru
Hosts: 0.0.0.0 adv.adwish.net
Hosts: 0.0.0.0 ads.adwitserver.com
Hosts: 0.0.0.0 ad.adworx.at
Hosts: 0.0.0.0 www.ad-z.de
Hosts: 0.0.0.0 ads.afa.net
Hosts: 0.0.0.0 affbeat.com
Hosts: 0.0.0.0 affiliate.affdirect.com
Hosts: 0.0.0.0 sttc.affiliate.hu
Hosts: 0.0.0.0 tr.affiliate.hu
Hosts: 0.0.0.0 img.network.affiliando.com
Hosts: 0.0.0.0 view.network.affiliando.com
Hosts: 0.0.0.0 ads.affiliateclub.com
Hosts: 0.0.0.0 affiliategroove.com
Hosts: 0.0.0.0 banners.affiliatefuture.com
Hosts: 0.0.0.0 images.affiliator.com
Hosts: 0.0.0.0 imp.affiliator.com
Hosts: 0.0.0.0 rotation.affiliator.com
Hosts: 0.0.0.0 media.affiliatelounge.com
Hosts: 0.0.0.0 js.affiliatelounge.com
Hosts: 0.0.0.0 record.affiliatelounge.com
Hosts: 0.0.0.0 web1.affiliatelounge.com
Hosts: 0.0.0.0 banners.affilimatch.de
Hosts: 0.0.0.0 ad.afilo.pl
Hosts: 0.0.0.0 adserwer.afilo.pl
Hosts: 0.0.0.0 ads.afraccess.com
Hosts: 0.0.0.0 ads.aftonbladet.se
Hosts: 0.0.0.0 stats.agent.co.il
Hosts: 0.0.0.0 stats.agentinteractive.com
Hosts: 0.0.0.0 w.ahalogy.com
Hosts: 0.0.0.0 ac.ajur.info
Hosts: 0.0.0.0 openx.ajur.info
Hosts: 0.0.0.0 adlik2.akavita.com
Hosts: 0.0.0.0 all2lnk.com
Hosts: 0.0.0.0 ads.allaccess.com.ph
Hosts: 0.0.0.0 adcontent2.allaccess.com.ph
Hosts: 0.0.0.0 ad.allstar.cz
Hosts: 0.0.0.0 taobaoafp.allyes.cn
Hosts: 0.0.0.0 bokee.allyes.com
Hosts: 0.0.0.0 demoafp.allyes.com
Hosts: 0.0.0.0 eastmoney.allyes.com
Hosts: 0.0.0.0 smarttrade.allyes.com
Hosts: 0.0.0.0 sroomafp.allyes.com
Hosts: 0.0.0.0 taobaoafp.allyes.com
Hosts: 0.0.0.0 tom.allyes.com
Hosts: 0.0.0.0 uuseeafp.allyes.com
Hosts: 0.0.0.0 yeskyafp.allyes.com
Hosts: 0.0.0.0 eas.almamedia.fi
Hosts: 0.0.0.0 ad.altervista.org
Hosts: 0.0.0.0 pqwaker.altervista.org
Hosts: 0.0.0.0 adimg.alice.it
Hosts: 0.0.0.0 adv.alice.it
Hosts: 0.0.0.0 advloc.alice.it
Hosts: 0.0.0.0 altmedia101.com
Hosts: 0.0.0.0 www.alwayson-network.com
Hosts: 0.0.0.0 adtools2.amakings.com
Hosts: 0.0.0.0 banner.amateri.cz
Hosts: 0.0.0.0 amazing-offers.co.il
Hosts: 0.0.0.0 ad.amgdgt.com
Hosts: 0.0.0.0 adserver.amna.gr
Hosts: 0.0.0.0 10394-127.ampxchange.com
Hosts: 0.0.0.0 10394-4254.ampxchange.com
Hosts: 0.0.0.0 10394-2468.ampxchange.com
Hosts: 0.0.0.0 vfdeprod.amobee.com
Hosts: 0.0.0.0 widgets.amung.us
Hosts: 0.0.0.0 whos.amung.us
Hosts: 0.0.0.0 analytics.analytics-egain.com
Hosts: 0.0.0.0 cloud-us.analytics-egain.com
Hosts: 0.0.0.0 gw.anametrix.net
Hosts: 0.0.0.0 www.anastasiasaffiliate.com
Hosts: 0.0.0.0 advert.ananzi.co.za
Hosts: 0.0.0.0 advert2.ananzi.co.za
Hosts: 0.0.0.0 box.anchorfree.net
Hosts: 0.0.0.0 rpt.anchorfree.net
Hosts: 0.0.0.0 a.androidandme.com
Hosts: 0.0.0.0 analytics.androidandme.com
Hosts: 0.0.0.0 www.anticlown.com
Hosts: 0.0.0.0 antventure.com
Hosts: 0.0.0.0 webtracker.apicasystem.com
Hosts: 0.0.0.0 junior.apk.net
Hosts: 0.0.0.0 openx.apollo.lv
Hosts: 0.0.0.0 nu.arnostat.nl
Hosts: 0.0.0.0 ads.asia1.com.sg
Hosts: 0.0.0.0 ads.ask.com
Hosts: 0.0.0.0 www.asknew.com
Hosts: 0.0.0.0 stats.asp24.pl
Hosts: 0.0.0.0 ads.aspalliance.com
Hosts: 0.0.0.0 www.astalavista.us
Hosts: 0.0.0.0 atemda.com
Hosts: 0.0.0.0 logw349.ati-host.net
Hosts: 0.0.0.0 rules.atgsvcs.com
Hosts: 0.0.0.0 logw312.ati-host.net
Hosts: 0.0.0.0 p.ato.mx
Hosts: 0.0.0.0 s.ato.mx
Hosts: 0.0.0.0 ads.atticamediagroup.gr
Hosts: 0.0.0.0 ads.auctionads.com
Hosts: 0.0.0.0 banners.audioholics.com
Hosts: 0.0.0.0 ad.auditude.com
Hosts: 0.0.0.0 ads.auctioncity.co.nz
Hosts: 0.0.0.0 d.audienceiq.com
Hosts: 0.0.0.0 ads.autoscout24.com
Hosts: 0.0.0.0 ads.autotrader.com
Hosts: 0.0.0.0 adserving.autotrader.com
Hosts: 0.0.0.0 profiling.avandor.com
Hosts: 0.0.0.0 avantlink.com
Hosts: 0.0.0.0 www.avantlink.com
Hosts: 0.0.0.0 fhg.avrevenue.com
Hosts: 0.0.0.0 rev.avsforum.com
Hosts: 0.0.0.0 a.avtookazion.bg
Hosts: 0.0.0.0 ads.avusa.co.za
Hosts: 0.0.0.0 engine.awaps.net
Hosts: 0.0.0.0 analytics.aweber.com
Hosts: 0.0.0.0 clicks.aweber.com
Hosts: 0.0.0.0 www.azmsoft.com
Hosts: 0.0.0.0 ads.badische-zeitung.de
Hosts: 0.0.0.0 error.banan.cz
Hosts: 0.0.0.0 ads3.bangkokpost.co.th
Hosts: 0.0.0.0 www.banner.cz
Hosts: 0.0.0.0 www.banner-exchange.nl
Hosts: 0.0.0.0 www.bannerexchange.co.nz
Hosts: 0.0.0.0 www.bannergratis.it
Hosts: 0.0.0.0 max.bannermanager.gr
Hosts: 0.0.0.0 www.bannermanagement.nl
Hosts: 0.0.0.0 www.bannerpromotion.it
Hosts: 0.0.0.0 www.banner-rotation.com
Hosts: 0.0.0.0 feed-rt.baronsoffers.com
Hosts: 0.0.0.0 ad.batanga.com
Hosts: 0.0.0.0 ad.bauerverlag.de
Hosts: 0.0.0.0 ads.baz.ch
Hosts: 0.0.0.0 bbcdn.go.cz.bbelements.com
Hosts: 0.0.0.0 go.arbopl.bbelements.com
Hosts: 0.0.0.0 bbcdn.go.arbopl.bbelements.com
Hosts: 0.0.0.0 go.cz.bbelements.com
Hosts: 0.0.0.0 go.eu.bbelements.com
Hosts: 0.0.0.0 go.idmnet.bbelements.com
Hosts: 0.0.0.0 go.idnes.bbelements.com
Hosts: 0.0.0.0 bbcdn.go.pol.bbelements.com
Hosts: 0.0.0.0 go.pol.bbelements.com
Hosts: 0.0.0.0 ad2.bbmedia.cz
Hosts: 0.0.0.0 adidnes2.bbmedia.cz
Hosts: 0.0.0.0 t.bbtrack.net
Hosts: 0.0.0.0 ad.beepworld.de
Hosts: 0.0.0.0 ads.be2hand.com
Hosts: 0.0.0.0 app.beanstalkdata.com
Hosts: 0.0.0.0 www.beead.co.uk
Hosts: 0.0.0.0 tracker.beezup.com
Hosts: 0.0.0.0 autocontext.begun.ru
Hosts: 0.0.0.0 promo.begun.ru
Hosts: 0.0.0.0 referal.begun.ru
Hosts: 0.0.0.0 api.behavioralengine.com
Hosts: 0.0.0.0 cdn.behavioralengine.com
Hosts: 0.0.0.0 www.belstat.be
Hosts: 0.0.0.0 www.belstat.com
Hosts: 0.0.0.0 www.belstat.nl
Hosts: 0.0.0.0 oas.benchmark.fr
Hosts: 0.0.0.0 serving.bepolite.eu
Hosts: 0.0.0.0 webtrends.besite.be
Hosts: 0.0.0.0 www.besttoolbars.net
Hosts: 0.0.0.0 www.best-top.ro
Hosts: 0.0.0.0 imstore.bet365affiliates.com
Hosts: 0.0.0.0 oddbanner.bet-at-home.com
Hosts: 0.0.0.0 ads1.beta.lt
Hosts: 0.0.0.0 banners.betcris.com
Hosts: 0.0.0.0 ads.betfair.com
Hosts: 0.0.0.0 banner.betfred.com
Hosts: 0.0.0.0 ad.beritasatumedia.com
Hosts: 0.0.0.0 www.bettertextads.com
Hosts: 0.0.0.0 ads.bgfree.com
Hosts: 0.0.0.0 banners.bgmaps.com
Hosts: 0.0.0.0 bgtop100.com
Hosts: 0.0.0.0 ads.bgtop.net
Hosts: 0.0.0.0 bgwebads.com
Hosts: 0.0.0.0 bighop.com
Hosts: 0.0.0.0 counter.bigli.ru
Hosts: 0.0.0.0 api.bigmobileads.com
Hosts: 0.0.0.0 bpm.tags.bigpondmedia.com
Hosts: 0.0.0.0 banex.bikers-engine.com
Hosts: 0.0.0.0 intext.billboard.cz
Hosts: 0.0.0.0 code.intext.billboard.cz
Hosts: 0.0.0.0 bbcdn.code.intext.billboard.cz
Hosts: 0.0.0.0 view.binlayer.com
Hosts: 0.0.0.0 ads.biscom.net
Hosts: 0.0.0.0 server.bittads.com
Hosts: 0.0.0.0 dc.bizjournals.com
Hosts: 0.0.0.0 ads2.blastro.com
Hosts: 0.0.0.0 ads3.blastro.com
Hosts: 0.0.0.0 blekko.com
Hosts: 0.0.0.0 img.blesk.cz
Hosts: 0.0.0.0 trak-analytics.blic.rs
Hosts: 0.0.0.0 ads.blizzard.com
Hosts: 0.0.0.0 ads.blog.com
Hosts: 0.0.0.0 www.blogcatalog.com
Hosts: 0.0.0.0 blogcounter.com
Hosts: 0.0.0.0 track.blogcounter.de
Hosts: 0.0.0.0 www.blogcounter.de
Hosts: 0.0.0.0 ads.blogdrive.com
Hosts: 0.0.0.0 ads.blogherads.com
Hosts: 0.0.0.0 pixel.blog.hu
Hosts: 0.0.0.0 pcbutts1-therealtruth.blogspot.com
Hosts: 0.0.0.0 ads.blogtalkradio.com
Hosts: 0.0.0.0 ox-d.blogtalkradio.com
Hosts: 0.0.0.0 adserver.bloodhorse.com
Hosts: 0.0.0.0 stats.bluebillywig.com
Hosts: 0.0.0.0 delivery.bluefinmediaads.com
Hosts: 0.0.0.0 adserver.bluewin.ch
Hosts: 0.0.0.0 watershed.bm23.com
Hosts: 0.0.0.0 t.bmmetrix.com
Hosts: 0.0.0.0 www.bmmetrix.com
Hosts: 0.0.0.0 bannermanager.bnr.bg
Hosts: 0.0.0.0 ads.boardtracker.com
Hosts: 0.0.0.0 ranks.boardtracker.com
Hosts: 0.0.0.0 tracking.bodis.com
Hosts: 0.0.0.0 ad.bodybuilding.com
Hosts: 0.0.0.0 ads.boerse-express.com
Hosts: 0.0.0.0 adv.bol.bg
Hosts: 0.0.0.0 www.bonabanners.co.uk
Hosts: 0.0.0.0 token.boomerang.com.au
Hosts: 0.0.0.0 adserver.borsaitaliana.it
Hosts: 0.0.0.0 adserver.borsonline.hu
Hosts: 0.0.0.0 www.box.bg
Hosts: 0.0.0.0 tracker.brainsins.com
Hosts: 0.0.0.0 ads.brandeins.de
Hosts: 0.0.0.0 dolce-sportro.count.brat-online.ro
Hosts: 0.0.0.0 stats.break.com
Hosts: 0.0.0.0 bans.bride.ru
Hosts: 0.0.0.0 ads.bridgetrack.com
Hosts: 0.0.0.0 cc.bridgetrack.com
Hosts: 0.0.0.0 citi.bridgetrack.com
Hosts: 0.0.0.0 goku.brightcove.com
Hosts: 0.0.0.0 ads.bsplayer.com
Hosts: 0.0.0.0 ads.bta.bg
Hosts: 0.0.0.0 ads.btv.bg
Hosts: 0.0.0.0 ads.buljobs.bg
Hosts: 0.0.0.0 js.bunchofads.com
Hosts: 0.0.0.0 ivitrine.buscape.com
Hosts: 0.0.0.0 ads.businessclick.com
Hosts: 0.0.0.0 ads.businessclick.pl
Hosts: 0.0.0.0 d.buyescorttraffic.com
Hosts: 0.0.0.0 buylicensekey.com
Hosts: 0.0.0.0 assets.buysellads.com
Hosts: 0.0.0.0 cdn.buysellads.com
Hosts: 0.0.0.0 ads.buzzcity.net
Hosts: 0.0.0.0 txads.buzzcity.com
Hosts: 0.0.0.0 www.buzzclick.com
Hosts: 0.0.0.0 adnetwork.buzzlogic.com
Hosts: 0.0.0.0 tr.buzzlogic.com
Hosts: 0.0.0.0 byet.org
Hosts: 0.0.0.0 blog.byethost.com
Hosts: 0.0.0.0 298-ct.c3tag.com
Hosts: 0.0.0.0 687-ct.c3tag.com
Hosts: 0.0.0.0 755-ct.c3tag.com
Hosts: 0.0.0.0 ads.calgarystampede.com
Hosts: 0.0.0.0 www.cambodiaoutsourcing.com
Hosts: 0.0.0.0 openx.camelmedia.net
Hosts: 0.0.0.0 p.camsitecash.com
Hosts: 0.0.0.0 s.camsitecash.com
Hosts: 0.0.0.0 adserve.canadawidemagazines.com
Hosts: 0.0.0.0 stats.canalblog.com
Hosts: 0.0.0.0 ad.caradisiac.com
Hosts: 0.0.0.0 srv.carbonads.net
Hosts: 0.0.0.0 ads.cars.com
Hosts: 0.0.0.0 images.cashfiesta.com
Hosts: 0.0.0.0 www.cashfiesta.com
Hosts: 0.0.0.0 www.cashfiesta.net
Hosts: 0.0.0.0 banner.casinodelrio.com
Hosts: 0.0.0.0 adv.casinopays.com
Hosts: 0.0.0.0 www.casinotropez.com
Hosts: 0.0.0.0 cdn.castplatform.com
Hosts: 0.0.0.0 tracking.cdiscount.com
Hosts: 0.0.0.0 ads.cdfreaks.com
Hosts: 0.0.0.0 a3.cdnpark.com
Hosts: 0.0.0.0 cn.ecritel.bench.cedexis.com
Hosts: 0.0.0.0 radar.cedexis.com
Hosts: 0.0.0.0 3.cennter.com
Hosts: 0.0.0.0 ox-d.chacha.com
Hosts: 0.0.0.0 cts-secure.channelintelligence.com
Hosts: 0.0.0.0 chapmanmediagroup.com
Hosts: 0.0.0.0 count.channeladvisor.com
Hosts: 0.0.0.0 adsapi.chartbeat.com
Hosts: 0.0.0.0 code.checkstat.nl
Hosts: 0.0.0.0 www.checkstat.nl
Hosts: 0.0.0.0 err.chicappa.jp
Hosts: 0.0.0.0 ads.china.com
Hosts: 0.0.0.0 v5.chinoc.net
Hosts: 0.0.0.0 ad.chip.de
Hosts: 0.0.0.0 ads.city24.ee
Hosts: 0.0.0.0 ckstatic.com
Hosts: 0.0.0.0 crv.clickad.pl
Hosts: 0.0.0.0 publishers.clickbooth.com
Hosts: 0.0.0.0 www.clickcountr.com
Hosts: 0.0.0.0 j.clickdensity.com
Hosts: 0.0.0.0 r.clickdensity.com
Hosts: 0.0.0.0 adsense.clicking.com.tw
Hosts: 0.0.0.0 banners.clickon.co.il
Hosts: 0.0.0.0 track.clickon.co.il
Hosts: 0.0.0.0 delivery.clickonometrics.pl
Hosts: 0.0.0.0 static.clickonometrics.pl
Hosts: 0.0.0.0 static.clickpapa.com
Hosts: 0.0.0.0 www.clickpapa.com
Hosts: 0.0.0.0 tracktrue.clicktrue.biz
Hosts: 0.0.0.0 www.is1.clixgalore.com
Hosts: 0.0.0.0 www.clixgalore.com
Hosts: 0.0.0.0 www.clickhouse.com
Hosts: 0.0.0.0 banners.clips4sale.com
Hosts: 0.0.0.0 banner.clubdicecasino.com
Hosts: 0.0.0.0 adserver.clubs1.bg
Hosts: 0.0.0.0 ads.clubz.bg
Hosts: 0.0.0.0 cluper.net
Hosts: 0.0.0.0 adserver.clix.pt
Hosts: 0.0.0.0 stats.cloxy.com
Hosts: 0.0.0.0 s.clx.ru
Hosts: 0.0.0.0 ad.cmfu.com
Hosts: 0.0.0.0 cpmcartel.com
Hosts: 0.0.0.0 openx.cnews.ru
Hosts: 0.0.0.0 c.cnstats.ru
Hosts: 0.0.0.0 www.cnstats.com
Hosts: 0.0.0.0 www.co2stats.com
Hosts: 0.0.0.0 anchor.coadvertise.com
Hosts: 0.0.0.0 ad.coas2.co.kr
Hosts: 0.0.0.0 traffic.prod.cobaltgroup.com
Hosts: 0.0.0.0 collectiveads.net
Hosts: 0.0.0.0 vcu.collserve.com
Hosts: 0.0.0.0 www.compactads.com
Hosts: 0.0.0.0 ads.comperia.pl
Hosts: 0.0.0.0 ads.consumeraffairs.com
Hosts: 0.0.0.0 ads.contactmusic.com
Hosts: 0.0.0.0 api.contentclick.co.uk
Hosts: 0.0.0.0 www.contextualadv.com
Hosts: 0.0.0.0 ads.contextweb.com
Hosts: 0.0.0.0 ds.contextweb.com
Hosts: 0.0.0.0 www.contaxe.com
Hosts: 0.0.0.0 www.contextpanel.com
Hosts: 0.0.0.0 www.conversionruler.com
Hosts: 0.0.0.0 ad.cooks.com
Hosts: 0.0.0.0 ad2.cooks.com
Hosts: 0.0.0.0 banners.copyscape.com
Hosts: 0.0.0.0 data.de.coremetrics.com
Hosts: 0.0.0.0 www.count24.de
Hosts: 0.0.0.0 www.countit.ch
Hosts: 0.0.0.0 www.counter-gratis.com
Hosts: 0.0.0.0 www.counter4you.net
Hosts: 0.0.0.0 www.counting4free.com
Hosts: 0.0.0.0 www.counter.cz
Hosts: 0.0.0.0 connectionzone.com
Hosts: 0.0.0.0 banner.coza.com
Hosts: 0.0.0.0 www.cpays.com
Hosts: 0.0.0.0 www.cpmterra.com
Hosts: 0.0.0.0 roitrack.cptgt.com
Hosts: 0.0.0.0 ads.cpxcenter.com
Hosts: 0.0.0.0 adserving.cpxadroit.com
Hosts: 0.0.0.0 panther1.cpxinteractive.com
Hosts: 0.0.0.0 static.crakbanner.com
Hosts: 0.0.0.0 adverts.creativemark.co.uk
Hosts: 0.0.0.0 ads.crisppremium.com
Hosts: 0.0.0.0 ox-d.crisppremium.com
Hosts: 0.0.0.0 www.crm-metrix.fr
Hosts: 0.0.0.0 stg.widget.crowdignite.com
Hosts: 0.0.0.0 ads.crosswinds.net
Hosts: 0.0.0.0 ads.crossworxs.eu
Hosts: 0.0.0.0 i.ctnsnet.com
Hosts: 0.0.0.0 ads.milliyet.cubecdn.net
Hosts: 0.0.0.0 cdn.cxense.com
Hosts: 0.0.0.0 www.cybereps.com
Hosts: 0.0.0.0 banner.cybertechdev.com
Hosts: 0.0.0.0 cybertown.ru
Hosts: 0.0.0.0 banner.czech-spam.cz
Hosts: 0.0.0.0 ads.daclips.in
Hosts: 0.0.0.0 ads.dada.it
Hosts: 0.0.0.0 count.daem0n.com
Hosts: 0.0.0.0 annonser.dagbladet.no
Hosts: 0.0.0.0 t.dailymail.co.uk
Hosts: 0.0.0.0 rta.dailymail.co.uk
Hosts: 0.0.0.0 ted.dailymail.co.uk
Hosts: 0.0.0.0 ads.darikweb.com
Hosts: 0.0.0.0 sync.darikweb.com
Hosts: 0.0.0.0 www1.darikweb.com
Hosts: 0.0.0.0 www.dataforce.net
Hosts: 0.0.0.0 banner.date.com
Hosts: 0.0.0.0 banners.datecs.bg
Hosts: 0.0.0.0 mb.datingadzone.com
Hosts: 0.0.0.0 ox.dateland.co.il
Hosts: 0.0.0.0 count.dba.dk
Hosts: 0.0.0.0 top.dating.lt
Hosts: 0.0.0.0 counter.top.dating.lt
Hosts: 0.0.0.0 daylogs.com
Hosts: 0.0.0.0 advertising.dclux.com
Hosts: 0.0.0.0 tracking.dc-storm.com
Hosts: 0.0.0.0 de17a.com
Hosts: 0.0.0.0 ads.dealnews.com
Hosts: 0.0.0.0 connect.decknetwork.net
Hosts: 0.0.0.0 adv.deltanews.bg
Hosts: 0.0.0.0 fast.gannett.demdex.net
Hosts: 0.0.0.0 piwik.denik.cz
Hosts: 0.0.0.0 ads.dennisnet.co.uk
Hosts: 0.0.0.0 openx.depoilab.com
Hosts: 0.0.0.0 ads.designboom.com
Hosts: 0.0.0.0 adcast.deviantart.com
Hosts: 0.0.0.0 www.dia-traffic.com
Hosts: 0.0.0.0 track.did-it.com
Hosts: 0.0.0.0 counter.dieit.de
Hosts: 0.0.0.0 openx.diena.lv
Hosts: 0.0.0.0 ads.digitalalchemy.tv
Hosts: 0.0.0.0 yield.audience.digitalmedia.bg
Hosts: 0.0.0.0 ads.digitalpoint.com
Hosts: 0.0.0.0 geo.digitalpoint.com
Hosts: 0.0.0.0 dinclinx.com
Hosts: 0.0.0.0 www.dinclinx.com
Hosts: 0.0.0.0 st.directadvert.ru
Hosts: 0.0.0.0 www.directadvert.ru
Hosts: 0.0.0.0 roitrack.directdisplayad.com
Hosts: 0.0.0.0 aserve.directorym.com
Hosts: 0.0.0.0 cache.directorym.com
Hosts: 0.0.0.0 www.direct-stats.com
Hosts: 0.0.0.0 glitter.services.disqus.com
Hosts: 0.0.0.0 www.divx.it
Hosts: 0.0.0.0 ads.dobrichonline.com
Hosts: 0.0.0.0 analyticsv2.dol.gr
Hosts: 0.0.0.0 banners.dol.gr
Hosts: 0.0.0.0 return.domainnamesales.com
Hosts: 0.0.0.0 ads.domainbg.com
Hosts: 0.0.0.0 publishers.domainadvertising.com
Hosts: 0.0.0.0 return.bs.domainnamesales.com
Hosts: 0.0.0.0 f.domdex.com
Hosts: 0.0.0.0 ad.donanimhaber.com
Hosts: 0.0.0.0 adv.dontcrack.com
Hosts: 0.0.0.0 ad2.bal.dotandad.com
Hosts: 0.0.0.0 test-script.dotmetrics.net
Hosts: 0.0.0.0 ads.dotomi.com
Hosts: 0.0.0.0 iad-login.dotomi.com
Hosts: 0.0.0.0 ads.double.net
Hosts: 0.0.0.0 imp.double.net
Hosts: 0.0.0.0 track.double.net
Hosts: 0.0.0.0 ad03.doubleadx.com
Hosts: 0.0.0.0 marketing.doubleclickindustries.com
Hosts: 0.0.0.0 banners.dpnet.com.br
Hosts: 0.0.0.0 ads.draugas.lt
Hosts: 0.0.0.0 imgn.dt00.net
Hosts: 0.0.0.0 tracking.dsmmadvantage.com
Hosts: 0.0.0.0 www.dsply.com
Hosts: 0.0.0.0 tracking.dtiserv2.com
Hosts: 0.0.0.0 ad.dumedia.ru
Hosts: 0.0.0.0 track.dvdbox.com
Hosts: 0.0.0.0 www.dwin1.com
Hosts: 0.0.0.0 ads.dynamic-media.org
Hosts: 0.0.0.0 hits.e.cl
Hosts: 0.0.0.0 ad.eanalyzer.de
Hosts: 0.0.0.0 ay.eastmoney.com
Hosts: 0.0.0.0 www.easy-dating.org
Hosts: 0.0.0.0 top.easy.lv
Hosts: 0.0.0.0 web.easyresearch.se
Hosts: 0.0.0.0 web2.easyresearch.se
Hosts: 0.0.0.0 web3.easyresearch.se
Hosts: 0.0.0.0 www.ebannertraffic.com
Hosts: 0.0.0.0 as.ebz.io
Hosts: 0.0.0.0 ox.e-card.bg
Hosts: 0.0.0.0 ox-s.e-card.bg
Hosts: 0.0.0.0 prom.ecato.net
Hosts: 0.0.0.0 ads.eccentrix.com
Hosts: 0.0.0.0 ad.econet.hu
Hosts: 0.0.0.0 b.economedia.bg
Hosts: 0.0.0.0 ad.ecplaza.net
Hosts: 0.0.0.0 ads.ecrush.com
Hosts: 0.0.0.0 ads.bridgetrack.com.edgesuite.net
Hosts: 0.0.0.0 ads.edipresse.pl
Hosts: 0.0.0.0 banners.e-dologic.co.il
Hosts: 0.0.0.0 track.effiliation.com
Hosts: 0.0.0.0 pk-cdn.effectivemeasure.net
Hosts: 0.0.0.0 th-cdn.effectivemeasure.net
Hosts: 0.0.0.0 ads.e-go.gr
Hosts: 0.0.0.0 stats.e-go.gr
Hosts: 0.0.0.0 eisenstein.dk
Hosts: 0.0.0.0 ad.e-kolay.net
Hosts: 0.0.0.0 adonline.e-kolay.net
Hosts: 0.0.0.0 global.ekmpinpoint.com
Hosts: 0.0.0.0 ads2.ekologia.pl
Hosts: 0.0.0.0 stat.ekologia.pl
Hosts: 0.0.0.0 ads.elmaz.com
Hosts: 0.0.0.0 anapixel.elmundo.es
Hosts: 0.0.0.0 e.emailretargeting.com
Hosts: 0.0.0.0 ads.elitetrader.com
Hosts: 0.0.0.0 pixelcounter.elmundo.es
Hosts: 0.0.0.0 ads.eluniversal.com.mx
Hosts: 0.0.0.0 hits.eluniversal.com.mx
Hosts: 0.0.0.0 publicidad.eluniversal.com.mx
Hosts: 0.0.0.0 profitshare.emag.ro
Hosts: 0.0.0.0 email-reflex.com
Hosts: 0.0.0.0 ad1.emediate.dk
Hosts: 0.0.0.0 eas.apm.emediate.eu
Hosts: 0.0.0.0 cdn3.emediate.eu
Hosts: 0.0.0.0 cdn6.emediate.eu
Hosts: 0.0.0.0 cdn8.emediate.eu
Hosts: 0.0.0.0 eas5.emediate.eu
Hosts: 0.0.0.0 ism6.emediate.eu
Hosts: 0.0.0.0 ad1.emediate.se
Hosts: 0.0.0.0 dotnet.endai.com
Hosts: 0.0.0.0 ac.eu.enecto.com
Hosts: 0.0.0.0 trk.enecto.com
Hosts: 0.0.0.0 openx.engagedmediamags.com
Hosts: 0.0.0.0 adsrv.ads.eniro.com
Hosts: 0.0.0.0 cams.enjoy.be
Hosts: 0.0.0.0 enoratraffic.com
Hosts: 0.0.0.0 www.enoratraffic.com
Hosts: 0.0.0.0 publicidad.entelchile.net
Hosts: 0.0.0.0 sa.entireweb.com
Hosts: 0.0.0.0 entk.net
Hosts: 0.0.0.0 e-marketing.entelchile.net
Hosts: 0.0.0.0 ads.e-planning.net
Hosts: 0.0.0.0 adserving03.epi.es
Hosts: 0.0.0.0 epmads.com
Hosts: 0.0.0.0 code.etracker.com
Hosts: 0.0.0.0 www.etracker.de
Hosts: 0.0.0.0 top.er.cz
Hosts: 0.0.0.0 ads.ere.net
Hosts: 0.0.0.0 ads.ereklama.mk
Hosts: 0.0.0.0 ads.ersamedia.ch
Hosts: 0.0.0.0 tracking.euroads.dk
Hosts: 0.0.0.0 ox.eurogamer.net
Hosts: 0.0.0.0 it.erosadv.com
Hosts: 0.0.0.0 pix3.esm1.net
Hosts: 0.0.0.0 ads.eurogamer.net
Hosts: 0.0.0.0 adserver.euronics.de
Hosts: 0.0.0.0 geoads.eurorevenue.com
Hosts: 0.0.0.0 advert.eurotip.cz
Hosts: 0.0.0.0 www.euros4click.de
Hosts: 0.0.0.0 ad.eurosport.com
Hosts: 0.0.0.0 pixel.everesttech.net
Hosts: 0.0.0.0 pixel-user-1039.everesttech.net
Hosts: 0.0.0.0 venetian.evyy.net
Hosts: 0.0.0.0 ads2.evz.ro
Hosts: 0.0.0.0 advert.exaccess.ru
Hosts: 0.0.0.0 dynamic.exaccess.ru
Hosts: 0.0.0.0 static.exaccess.ru
Hosts: 0.0.0.0 www.exchangead.com
Hosts: 0.0.0.0 exchange.bg
Hosts: 0.0.0.0 media.exchange.bg
Hosts: 0.0.0.0 www.exchange.bg
Hosts: 0.0.0.0 exclusiotv.be
Hosts: 0.0.0.0 ads.expekt.com
Hosts: 0.0.0.0 www.experclick.com
Hosts: 0.0.0.0 expo-max.com
Hosts: 0.0.0.0 ads.expedia.com
Hosts: 0.0.0.0 admedia.expedia.com
Hosts: 0.0.0.0 expired-targeted.com
Hosts: 0.0.0.0 ads.eyeonx.ch
Hosts: 0.0.0.0 resources.eyereturn.com
Hosts: 0.0.0.0 advertising.ezanga.com
Hosts: 0.0.0.0 1278725189.pub.ezanga.com
Hosts: 0.0.0.0 ads.ezboard.com
Hosts: 0.0.0.0 machine.fairfaxbm.co.nz
Hosts: 0.0.0.0 st.fanatics.com
Hosts: 0.0.0.0 a.farlex.com
Hosts: 0.0.0.0 fashion-tube.be
Hosts: 0.0.0.0 adsrv.fashion.bg
Hosts: 0.0.0.0 www.fastadvert.com
Hosts: 0.0.0.0 fastonlineusers.com
Hosts: 0.0.0.0 fastsearchproduct.com
Hosts: 0.0.0.0 counter.fateback.com
Hosts: 0.0.0.0 counter1.fc2.com
Hosts: 0.0.0.0 error.fc2.com
Hosts: 0.0.0.0 as.featurelink.com
Hosts: 0.0.0.0 admega.feed.gr
Hosts: 0.0.0.0 feedjit.com
Hosts: 0.0.0.0 log.feedjit.com
Hosts: 0.0.0.0 analytics.femalefirst.co.uk
Hosts: 0.0.0.0 pixel.fetchback.com
Hosts: 0.0.0.0 banners.ffsbg.com
Hosts: 0.0.0.0 ads.fiat-bg.org
Hosts: 0.0.0.0 cache.fimservecdn.com
Hosts: 0.0.0.0 adboost.finalid.com
Hosts: 0.0.0.0 tracker.financialcontent.com
Hosts: 0.0.0.0 banner.finn.no
Hosts: 0.0.0.0 ads.firstgrand.com
Hosts: 0.0.0.0 s01.flagcounter.com
Hosts: 0.0.0.0 s02.flagcounter.com
Hosts: 0.0.0.0 s03.flagcounter.com
Hosts: 0.0.0.0 s04.flagcounter.com
Hosts: 0.0.0.0 s06.flagcounter.com
Hosts: 0.0.0.0 s07.flagcounter.com
Hosts: 0.0.0.0 s08.flagcounter.com
Hosts: 0.0.0.0 s09.flagcounter.com
Hosts: 0.0.0.0 s11.flagcounter.com
Hosts: 0.0.0.0 2.s09.flagcounter.com
Hosts: 0.0.0.0 s10.flagcounter.com
Hosts: 0.0.0.0 banners.flingguru.com
Hosts: 0.0.0.0 www.fncash.com
Hosts: 0.0.0.0 ads.focus-news.net
Hosts: 0.0.0.0 rnews.focus-news.net
Hosts: 0.0.0.0 controller.foreseeresults.com
Hosts: 0.0.0.0 forvideo.at
Hosts: 0.0.0.0 ads.fox.mk
Hosts: 0.0.0.0 ads.foxnews.com
Hosts: 0.0.0.0 www.fpcclicks.com
Hosts: 0.0.0.0 freebitmoney.com
Hosts: 0.0.0.0 ad.freecity.de
Hosts: 0.0.0.0 ads05.freecity.de
Hosts: 0.0.0.0 maurobb.freecounter.it
Hosts: 0.0.0.0 www.freecounter.it
Hosts: 0.0.0.0 freegeoip.net
Hosts: 0.0.0.0 a9.sc.freepornvs.com
Hosts: 0.0.0.0 www.free-toplisten.at
Hosts: 0.0.0.0 banners.freett.com
Hosts: 0.0.0.0 count.freett.com
Hosts: 0.0.0.0 counters.freewebs.com
Hosts: 0.0.0.0 error.freewebsites.com
Hosts: 0.0.0.0 www.freewebsites.com
Hosts: 0.0.0.0 nx.frosmo.com
Hosts: 0.0.0.0 tr1.frosmo.com
Hosts: 0.0.0.0 ads.fulltiltpoker.com
Hosts: 0.0.0.0 www.funtopliste.de
Hosts: 0.0.0.0 www.fusestats.com
Hosts: 0.0.0.0 fxyc0dwa.com
Hosts: 0.0.0.0 ads5.fxdepo.com
Hosts: 0.0.0.0 fxlayer.net
Hosts: 0.0.0.0 errdoc.gabia.net
Hosts: 0.0.0.0 adserver.gadu-gadu.pl
Hosts: 0.0.0.0 adsm.gameforge.de
Hosts: 0.0.0.0 tracking.gameforge.de
Hosts: 0.0.0.0 ingameads.gameloft.com
Hosts: 0.0.0.0 ads.garga.biz
Hosts: 0.0.0.0 ads.gateway.bg
Hosts: 0.0.0.0 ads.gather.com
Hosts: 0.0.0.0 track.gawker.com
Hosts: 0.0.0.0 ad.gazeta.pl
Hosts: 0.0.0.0 adp.gazeta.pl
Hosts: 0.0.0.0 adv.gazeta.pl
Hosts: 0.0.0.0 analytics.gazeta.pl
Hosts: 0.0.0.0 top.gde.ru
Hosts: 0.0.0.0 www.geoplugin.net
Hosts: 0.0.0.0 ads.geornmd.net
Hosts: 0.0.0.0 adv.gepime.com
Hosts: 0.0.0.0 getrank.net
Hosts: 0.0.0.0 getrockerbox.com
Hosts: 0.0.0.0 www.getsmart.com
Hosts: 0.0.0.0 getstatistics.se
Hosts: 0.0.0.0 www.getstatistics.se
Hosts: 0.0.0.0 adct.gg.pl
Hosts: 0.0.0.0 banner.giantvegas.com
Hosts: 0.0.0.0 truehits.gits.net.th
Hosts: 0.0.0.0 truehits1.gits.net.th
Hosts: 0.0.0.0 truehits3.gits.net.th
Hosts: 0.0.0.0 gkts.co
Hosts: 0.0.0.0 www17-orig.glam.com
Hosts: 0.0.0.0 www30a6-orig.glam.com
Hosts: 0.0.0.0 insert.gloadmarket.com
Hosts: 0.0.0.0 promotools.globalmailer.com
Hosts: 0.0.0.0 promotools3.globalmailer.com
Hosts: 0.0.0.0 promotools4.globalmailer.com
Hosts: 0.0.0.0 ads.globo.com
Hosts: 0.0.0.0 ads.img.globo.com
Hosts: 0.0.0.0 gmads.net
Hosts: 0.0.0.0 at.gmads.net
Hosts: 0.0.0.0 dk.gmads.net
Hosts: 0.0.0.0 es.gmads.net
Hosts: 0.0.0.0 pl.gmads.net
Hosts: 0.0.0.0 go777site.com
Hosts: 0.0.0.0 adserver2.goals365.com
Hosts: 0.0.0.0 ads.godlikeproductions.com
Hosts: 0.0.0.0 counter.goingup.com
Hosts: 0.0.0.0 www.goldadvert.cz
Hosts: 0.0.0.0 js-at.goldbach.com
Hosts: 0.0.0.0 c.go-mpulse.net
Hosts: 0.0.0.0 engine.goodadvert.ru
Hosts: 0.0.0.0 files.goodadvert.ru
Hosts: 0.0.0.0 googlus.com
Hosts: 0.0.0.0 ads.gorillavid.in
Hosts: 0.0.0.0 adtools.gossipkings.com
Hosts: 0.0.0.0 webcounter.goweb.de
Hosts: 0.0.0.0 www.gpr.hu
Hosts: 0.0.0.0 www.gradportal.org
Hosts: 0.0.0.0 ad-incisive.grapeshot.co.uk
Hosts: 0.0.0.0 reed-cw.grapeshot.co.uk
Hosts: 0.0.0.0 tk.graphinsider.com
Hosts: 0.0.0.0 adv.gratuito.st
Hosts: 0.0.0.0 rma-api.gravity.com
Hosts: 0.0.0.0 grmtech.net
Hosts: 0.0.0.0 de.grmtech.net
Hosts: 0.0.0.0 www.grmtech.net
Hosts: 0.0.0.0 tracker.gtarcade.com
Hosts: 0.0.0.0 fx.gtop.ro
Hosts: 0.0.0.0 static.gtop.ro
Hosts: 0.0.0.0 www.gtop.ro
Hosts: 0.0.0.0 fx.gtopstats.com
Hosts: 0.0.0.0 ads.gumgum.com
Hosts: 0.0.0.0 c.gumgum.com
Hosts: 0.0.0.0 cdn.gumgum.com
Hosts: 0.0.0.0 guruads.de
Hosts: 0.0.0.0 beacon.gutefrage.net
Hosts: 0.0.0.0 adhese.gva.be
Hosts: 0.0.0.0 tags.h12-media.com
Hosts: 0.0.0.0 cc12797.counter.hackers.lv
Hosts: 0.0.0.0 cc9905.counter.hackers.lv
Hosts: 0.0.0.0 adserver.hardwareanalysis.com
Hosts: 0.0.0.0 www.harmonyhollow.net
Hosts: 0.0.0.0 ads.haskovo.net
Hosts: 0.0.0.0 ad0.haynet.com
Hosts: 0.0.0.0 ad.hbv.de
Hosts: 0.0.0.0 adhese.hbvl.be
Hosts: 0.0.0.0 ads.hearstmags.com
Hosts: 0.0.0.0 adserver.heavenmedia.com
Hosts: 0.0.0.0 ads.heias.com
Hosts: 0.0.0.0 ads2.helpos.com
Hosts: 0.0.0.0 www.hentaitoonami.com
Hosts: 0.0.0.0 ad.hepsiburada.com
Hosts: 0.0.0.0 www.hermoment.com
Hosts: 0.0.0.0 ads.hexun.com
Hosts: 0.0.0.0 hx.hexun.com
Hosts: 0.0.0.0 utrack.hexun.com
Hosts: 0.0.0.0 www.hey.lt
Hosts: 0.0.0.0 ads.highdefdigest.com
Hosts: 0.0.0.0 ad.hirekmedia.hu
Hosts: 0.0.0.0 adserver.hispanoclick.com
Hosts: 0.0.0.0 spravki-online.hit.bg
Hosts: 0.0.0.0 c.hit.ua
Hosts: 0.0.0.0 www.hit.tc
Hosts: 0.0.0.0 landing.hitfarm.com
Hosts: 0.0.0.0 hit-now.com
Hosts: 0.0.0.0 storage.hitrang.com
Hosts: 0.0.0.0 hitslog.com
Hosts: 0.0.0.0 www.hitstats.co.uk
Hosts: 0.0.0.0 hitstats.net
Hosts: 0.0.0.0 www.hittracker.org
Hosts: 0.0.0.0 hitwebcounter.com
Hosts: 0.0.0.0 images.hitwise.co.uk
Hosts: 0.0.0.0 ad.hizlireklam.com
Hosts: 0.0.0.0 hxtrack.holidayextras.co.uk
Hosts: 0.0.0.0 www.adserver.home.pl
Hosts: 0.0.0.0 homes.bg
Hosts: 0.0.0.0 counters.honesty.com
Hosts: 0.0.0.0 cgi.honesty.com
Hosts: 0.0.0.0 e1.static.hoptopboy.com
Hosts: 0.0.0.0 ox.hoosiertimes.com
Hosts: 0.0.0.0 ad.hosting.pl
Hosts: 0.0.0.0 stats.hosting24.com
Hosts: 0.0.0.0 error.hostinger.eu
Hosts: 0.0.0.0 ads.hotarena.net
Hosts: 0.0.0.0 ad2.hotels.com
Hosts: 0.0.0.0 www.hotspotshield.com
Hosts: 0.0.0.0 h06.hotrank.com.tw
Hosts: 0.0.0.0 www.hotranks.com
Hosts: 0.0.0.0 adserver.html.it
Hosts: 0.0.0.0 click.html.it
Hosts: 0.0.0.0 hub.com.pl
Hosts: 0.0.0.0 js.hubspot.com
Hosts: 0.0.0.0 entry-stats.huffpost.com
Hosts: 0.0.0.0 vertical-stats.huffpost.com
Hosts: 0.0.0.0 ads.hulu.com
Hosts: 0.0.0.0 track.hulu.com
Hosts: 0.0.0.0 ads.hurra.de
Hosts: 0.0.0.0 tracker.dev.hearst.nl
Hosts: 0.0.0.0 ads2000.hw.net
Hosts: 0.0.0.0 dserver.hw.net
Hosts: 0.0.0.0 www.hw-ad.de
Hosts: 0.0.0.0 www.hxtrack.com
Hosts: 0.0.0.0 www.hypertracker.com
Hosts: 0.0.0.0 ads.iafrica.com
Hosts: 0.0.0.0 ads.ibex-media.com
Hosts: 0.0.0.0 ev.ib-ibi.com
Hosts: 0.0.0.0 r.ibg.bg
Hosts: 0.0.0.0 bbcdn-bbnaut.ibillboard.com
Hosts: 0.0.0.0 bbcdn-tag.ibillboard.com
Hosts: 0.0.0.0 www.ibis.cz
Hosts: 0.0.0.0 hits.icdirect.com
Hosts: 0.0.0.0 www.icentric.net
Hosts: 0.0.0.0 tracker.icerocket.com
Hosts: 0.0.0.0 ado.icorp.ro
Hosts: 0.0.0.0 ads.icorp.ro
Hosts: 0.0.0.0 ads.idgnow.com.br
Hosts: 0.0.0.0 banners.idg.com.br
Hosts: 0.0.0.0 log.idg.no
Hosts: 0.0.0.0 adidm07.idmnet.pl
Hosts: 0.0.0.0 adidm.idmnet.pl
Hosts: 0.0.0.0 adsrv2.ihlassondakika.com
Hosts: 0.0.0.0 stats.surfaid.ihost.com
Hosts: 0.0.0.0 k.iinfo.cz
Hosts: 0.0.0.0 script.ioam.de
Hosts: 0.0.0.0 adserver.ilmessaggero.it
Hosts: 0.0.0.0 adserver.ilounge.com
Hosts: 0.0.0.0 rc.bt.ilsemedia.nl
Hosts: 0.0.0.0 stats.ilsemedia.nl
Hosts: 0.0.0.0 adv.ilsole24ore.it
Hosts: 0.0.0.0 ads.imarketservices.com
Hosts: 0.0.0.0 i.imedia.cz
Hosts: 0.0.0.0 ads.imeem.com
Hosts: 0.0.0.0 stats.immense.net
Hosts: 0.0.0.0 bbn.img.com.ua
Hosts: 0.0.0.0 ads.imguol.com
Hosts: 0.0.0.0 tracking.immobilienscout24.de
Hosts: 0.0.0.0 affiliate.imperiaonline.org
Hosts: 0.0.0.0 x.imwx.com
Hosts: 0.0.0.0 adbox.inbox-online.com
Hosts: 0.0.0.0 optimize.indieclick.com
Hosts: 0.0.0.0 aff.indirdik.com
Hosts: 0.0.0.0 ads.indexinfo.org
Hosts: 0.0.0.0 adcenter.in2.com
Hosts: 0.0.0.0 banners.inetfast.com
Hosts: 0.0.0.0 inetlog.ru
Hosts: 0.0.0.0 ads.inews.bg
Hosts: 0.0.0.0 servedby.informatm.com
Hosts: 0.0.0.0 pcbutts1.software.informer.com
Hosts: 0.0.0.0 stats.infomedia.net
Hosts: 0.0.0.0 stats.inist.fr
Hosts: 0.0.0.0 click.inn.co.il
Hosts: 0.0.0.0 bimonline.insites.be
Hosts: 0.0.0.0 ads.insmarket.bg
Hosts: 0.0.0.0 rs.instantservice.com
Hosts: 0.0.0.0 ads.inspirestudio.net
Hosts: 0.0.0.0 counter.internet.ge
Hosts: 0.0.0.0 indiads.com
Hosts: 0.0.0.0 ads.inviziads.com
Hosts: 0.0.0.0 www.imiclk.com
Hosts: 0.0.0.0 avp.innity.com
Hosts: 0.0.0.0 www.innovateads.com
Hosts: 0.0.0.0 content.integral-marketing.com
Hosts: 0.0.0.0 media.intelia.it
Hosts: 0.0.0.0 www.intelli-tracker.com
Hosts: 0.0.0.0 geo.interia.pl
Hosts: 0.0.0.0 iwa.hit.interia.pl
Hosts: 0.0.0.0 www.intera-x.com
Hosts: 0.0.0.0 cdn.interactivemedia.net
Hosts: 0.0.0.0 adserwer.intercon.pl
Hosts: 0.0.0.0 newadserver.interfree.it
Hosts: 0.0.0.0 intermediads.com
Hosts: 0.0.0.0 www.interstats.nl
Hosts: 0.0.0.0 pl-engine.intextad.net
Hosts: 0.0.0.0 ox.invia.cz
Hosts: 0.0.0.0 ad.investor.bg
Hosts: 0.0.0.0 ad01.investor.bg
Hosts: 0.0.0.0 s1.inviziads.com
Hosts: 0.0.0.0 ad2.ip.ro
Hosts: 0.0.0.0 api.ipinfodb.com
Hosts: 0.0.0.0 ip-api.com
Hosts: 0.0.0.0 ads.ipowerweb.com
Hosts: 0.0.0.0 adserver.iprom.net
Hosts: 0.0.0.0 central.iprom.net
Hosts: 0.0.0.0 ipromsi.iprom.net
Hosts: 0.0.0.0 tie.iprom.net
Hosts: 0.0.0.0 www.ipstat.com
Hosts: 0.0.0.0 delivery.ipvertising.com
Hosts: 0.0.0.0 www.iranwebads.com
Hosts: 0.0.0.0 ad2.ireklama.cz
Hosts: 0.0.0.0 clicktracker.iscan.nl
Hosts: 0.0.0.0 ads.isoftmarketing.com
Hosts: 0.0.0.0 banman.isoftmarketing.com
Hosts: 0.0.0.0 isralink.net
Hosts: 0.0.0.0 ts.istrack.com
Hosts: 0.0.0.0 adshow.it168.com
Hosts: 0.0.0.0 stat.it168.com
Hosts: 0.0.0.0 itcompany.com
Hosts: 0.0.0.0 www.itcompany.com
Hosts: 0.0.0.0 ilead.itrack.it
Hosts: 0.0.0.0 stats.itweb.co.za
Hosts: 0.0.0.0 www.iws.ro
Hosts: 0.0.0.0 link.ixs1.net
Hosts: 0.0.0.0 raahenseutu.jainos.fi
Hosts: 0.0.0.0 ad.jamba.de
Hosts: 0.0.0.0 ad.jamster.com
Hosts: 0.0.0.0 adserver.janesguide.com
Hosts: 0.0.0.0 piwik.jccm.es
Hosts: 0.0.0.0 ads.jewcy.com
Hosts: 0.0.0.0 pagerank.jklir.net
Hosts: 0.0.0.0 ads.joemonster.org
Hosts: 0.0.0.0 site.johnlewis.com
Hosts: 0.0.0.0 www.jouwstats.nl
Hosts: 0.0.0.0 www.jscount.com
Hosts: 0.0.0.0 stats.jtvnw.net
Hosts: 0.0.0.0 ad.jugem.jp
Hosts: 0.0.0.0 a.jumptap.com
Hosts: 0.0.0.0 nl.ads.justpremium.com
Hosts: 0.0.0.0 tracking.justpremium.com
Hosts: 0.0.0.0 ads.justpremium.nl
Hosts: 0.0.0.0 ads.justrelevant.com
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Tue Mar 08, 2016 8:55 am    Post subject: Reply with quote

Hi and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start



Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.


Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.



Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Scan.
  • When the scan has finished, click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply
  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Tue Mar 08, 2016 1:48 pm    Post subject: Reply with quote

Hi Cypher,
Sorry for the duplicate posts. I kept getting an error that the server was reset, and I didn't realize the message was being posted each time re-sent it. I thought it wasn't being posted at all.

Just for your info. Since posting the op, the external mouse (and now I suspect its software has become corrupt somehow) died completely. So I have uninstalled it again, and I'm using the laptop's built-in mouse (which is pretty awful, and the reason I use the external mouse in the first place - but it's better than nothing Wink)

So far, I don't think the built-in mouse is having the same problem. But it's so slow, it's hard to say. It has not frozen yet though.

I have a question about your instructions to make a backup. I do back up my system, more or less regularly, and did so within the last week or so. But if I suspect there might be a malware, won't backing up risk infecting the storage device?

Since I'm getting along relatively well with the built-in mouse, I realized I could run scans with my current security programs. But I see your guidelines not to do that. So I'll wait. But just to let you know I could, if necessary. (I couldn't when I posted the first message.)

Ok, so I'll go and download the 3 programs, and get the logs that you want.

Thank you very much!
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Tue Mar 08, 2016 4:11 pm    Post subject: Reply with quote

Ok, here comes the logs.

AdwCleaner put AdwCleaner[C1].txt on my screen, but you're asking for AdwCleaner[S1].txt. So just to cover all the bases, I'll post both:

AdwCleaner[S1].txt (AdwCleaner[C1].txt below)

# AdwCleaner v5.101 - Logfile created 08/03/2016 at 16:43:17
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jill Davis - BRYNNSLAPTOP
# Running from : C:\Users\Jill Davis\Desktop\adwcleaner_5.101.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : iWinTrusted

***** [ Folders ] *****

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
Folder Found : C:\Users\Jill Davis\AppData\Local\PackageAware
Folder Found : C:\Users\Public\Documents\iWin

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : RunAsStdUser Task

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44E6B68E-8DA5-4093-921B-7275E5B3906A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
Key Found : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1

***** [ Web browsers ] *****


*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2371 bytes] - [08/03/2016 16:43:17]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2464 bytes] ##########

AdwCleaner[C1].txt

# AdwCleaner v5.101 - Logfile created 08/03/2016 at 16:45:02
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jill Davis - BRYNNSLAPTOP
# Running from : C:\Users\Jill Davis\Desktop\adwcleaner_5.101.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : iWinTrusted

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
[-] Folder Deleted : C:\Users\Jill Davis\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Public\Documents\iWin

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : RunAsStdUser Task

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44E6B68E-8DA5-4093-921B-7275E5B3906A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\Bitberry
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2610 bytes] - [08/03/2016 16:45:02]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [2563 bytes] - [08/03/2016 16:43:17]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2796 bytes] ##########
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Tue Mar 08, 2016 4:14 pm    Post subject: Reply with quote

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Jill Davis (administrator) on BRYNNSLAPTOP (08-03-2016 16:56:00)
Running from C:\Users\Jill Davis\Desktop
Loaded Profiles: Jill Davis (Available Profiles: Jill Davis & brynn1)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\ProgramData\Rpcnet\Bin\rpcld.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Efficient Software) C:\Program Files (x86)\Efficient Calendar\Efficient Calendar Free\EfficientCalendarFree.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3189016 2009-10-01] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1926928 2009-09-21] (Intel(R) Corporation)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [394832 2011-09-22] (Acronis)
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [EfficientCalendarFree] => [X]
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2536760 2011-09-22] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5550984 2011-09-22] (Acronis)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [91592 2015-11-17] (Absolute Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\MountPoints2: {691027b4-6fe0-11df-a3cc-b8ac6f5cd4e7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\MountPoints2: {6e36d8ed-3c83-11e1-a9d8-b8ac6f5cd4e7} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-903929088-2894619512-514016229-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\brynn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-25]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-25]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-03-25]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Jill Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Efficient Calendar Free.lnk [2015-08-08]
ShortcutTarget: Efficient Calendar Free.lnk -> C:\Program Files (x86)\Efficient Calendar\Efficient Calendar Free\EfficientCalendarFree.exe (Efficient Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-903929088-2894619512-514016229-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-903929088-2894619512-514016229-1000] => localhost:21320
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{4A1992CA-68B4-4261-89A2-B987A264CA05}: [DhcpNameServer] 192.168.0.1 205.171.3.25
ManualProxies: 1localhost:21320

Internet Explorer:
==================
HKU\S-1-5-21-903929088-2894619512-514016229-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/intl/en/options/
HKU\S-1-5-21-903929088-2894619512-514016229-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://forum.inkscapecommunity.com/index.php
SearchScopes: HKLM -> DefaultScope {A9A2CB49-FE1A-472B-B717-A5890A62BEAF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {A9A2CB49-FE1A-472B-B717-A5890A62BEAF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {420AC160-6991-4D32-B3A2-87FDDA1BD499} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {420AC160-6991-4D32-B3A2-87FDDA1BD499} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-903929088-2894619512-514016229-1000 -> DefaultScope {12D4BDCD-3CAC-41FE-BAD1-25C9CC9AA6E0} URL = hxxps://ssl.scroogle.org/cgi-bin/nbbw.cgi?Gw={searchTerms}
SearchScopes: HKU\S-1-5-21-903929088-2894619512-514016229-1000 -> {12D4BDCD-3CAC-41FE-BAD1-25C9CC9AA6E0} URL = hxxps://ssl.scroogle.org/cgi-bin/nbbw.cgi?Gw={searchTerms}
SearchScopes: HKU\S-1-5-21-903929088-2894619512-514016229-1000 -> {420AC160-6991-4D32-B3A2-87FDDA1BD499} URL =
SearchScopes: HKU\S-1-5-21-903929088-2894619512-514016229-1000 -> {A9A2CB49-FE1A-472B-B717-A5890A62BEAF} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_18\bin\jp2ssv.dll => No File
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
DPF: HKLM-x32 {700EF03F-A472-4D26-8ACB-300F4D04FD96} hxxps://lojackforlaptops.absolute.com/ctmweb/testoc.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://forum.inkscapecommunity.com/index.php
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxps://startpage.com/do/search?language=english&cat=web&query=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.6.0_18\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-903929088-2894619512-514016229-1000: eyes.nasa.gov/NASAEyes -> C:\Users\Jill Davis\AppData\Roaming\JPLNASAVTAD\NASAEyes\1.0.0.0\npNASAEyes.dll [2013-08-02] (JPL/NASA-Caltech)
FF SearchPlugin: C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\searchplugins\duckduckgo.xml [2013-08-02]
FF SearchPlugin: C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\searchplugins\ixquick-https.xml [2012-02-27]
FF SearchPlugin: C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\searchplugins\startpage-https.xml [2012-03-01]
FF Extension: BetterPrivacy - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-27]
FF Extension: PlainOldFavorites - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37} [2015-12-23]
FF Extension: Zoom Page - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\extensions\zoompage@DW-dev.xpi [2016-01-29]
FF Extension: Personas Plus - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\extensions\personas@christopher.beard.xpi [2016-01-29]
FF Extension: NoScript - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-17]
FF Extension: Classic Theme Restorer - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-02-22]
FF Extension: Referrer Control - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\Extensions\referrercontrol@qixinglu.com.xpi [2015-05-28]
FF Extension: Troubleshooter - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\Extensions\troubleshooter@mozilla.org.xpi [2015-05-28]
FF Extension: Adblock Plus - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Theme Font & Size Changer - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2016-02-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-02-14] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-02-14] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-02-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{98e34367-8df7-42b4-837b-20b892ff0848}] - C:\ProgramData\iWin Games\firefox => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found

Chrome:
=======
CHR Profile: C:\Users\Jill Davis\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [13768 2015-11-17] (Absolute Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-25] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-03-25] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-07-05] (Creative Technology Ltd) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [315664 2009-09-21] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2010-03-25] (Creative Labs) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [447488 2009-11-26] () [File not signed]
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
S4 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-07-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-07-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-07-30] (ESET)
S3 glideusb; C:\Windows\System32\DRIVERS\glideusb.sys [109480 2011-03-28] (Cirque Corporation)
S3 getbus; \??\C:\Users\JILLDA~1\AppData\Local\Temp\getbus.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 16:56 - 2016-03-08 16:56 - 00020653 _____ C:\Users\Jill Davis\Desktop\FRST.txt
2016-03-08 16:55 - 2016-03-08 16:56 - 00000000 ____D C:\FRST
2016-03-08 16:52 - 2016-03-08 16:52 - 02374144 _____ (Farbar) C:\Users\Jill Davis\Desktop\FRST64.exe
2016-03-08 16:42 - 2016-03-08 16:45 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 16:38 - 2016-03-08 16:38 - 01524224 _____ C:\Users\Jill Davis\Desktop\adwcleaner_5.101.exe
2016-03-08 16:34 - 2016-03-08 16:34 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BRYNNSLAPTOP-Windows-7-Home-Premium-(64-bit).dat
2016-03-08 16:34 - 2016-03-08 16:34 - 00000000 ____D C:\RegBackup
2016-03-08 16:33 - 2016-03-08 16:33 - 00016407 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-03-08 16:33 - 2016-03-08 16:33 - 00002197 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-03-08 16:33 - 2016-03-08 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-03-08 16:33 - 2016-03-08 16:33 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-03-08 16:27 - 2016-03-08 16:27 - 04777232 _____ (Tweaking.com) C:\Users\Jill Davis\Desktop\tweaking.com_registry_backup_setup.exe
2016-03-08 15:01 - 2016-03-08 15:01 - 00019519 _____ C:\Users\Jill Davis\AppData\Local\recently-used.xbel
2016-03-08 03:59 - 2016-03-08 03:59 - 00316984 _____ C:\Windows\Minidump\030816-88093-01.dmp
2016-03-08 01:54 - 2016-03-08 01:54 - 00507380 _____ C:\Users\Jill Davis\Desktop\attach.txt
2016-03-08 01:54 - 2016-03-08 01:54 - 00023964 _____ C:\Users\Jill Davis\Desktop\dds.txt
2016-03-08 01:51 - 2016-03-08 01:51 - 00688992 ____R (Swearware) C:\Users\Jill Davis\Desktop\dds.scr
2016-03-08 00:47 - 2016-03-08 00:47 - 00276592 _____ C:\Windows\Minidump\030816-19624-01.dmp
2016-03-06 21:35 - 2016-03-06 21:35 - 00284696 _____ C:\Windows\Minidump\030616-18033-01.dmp
2016-03-02 18:22 - 2016-01-21 23:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-02 18:22 - 2016-01-21 23:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-02 18:22 - 2016-01-21 23:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-02 18:22 - 2016-01-21 23:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-02 18:22 - 2016-01-21 23:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-02 18:22 - 2016-01-21 23:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-02 18:22 - 2016-01-21 23:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-02 18:22 - 2016-01-21 23:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-02 18:22 - 2016-01-21 23:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-03-02 18:22 - 2016-01-21 23:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-03-02 18:22 - 2016-01-21 23:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-02 18:22 - 2016-01-21 23:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-02 18:22 - 2016-01-21 23:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-02 18:22 - 2016-01-21 23:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-03-02 18:22 - 2016-01-21 23:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-02 18:22 - 2016-01-21 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-02 18:22 - 2016-01-21 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-02 18:22 - 2016-01-21 23:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-02 18:22 - 2016-01-21 23:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-02 18:22 - 2016-01-21 23:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-02 18:22 - 2016-01-21 23:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-02 18:22 - 2016-01-21 23:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-02 18:22 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-02 18:22 - 2016-01-21 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-02 18:22 - 2016-01-21 23:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 23:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-02 18:22 - 2016-01-21 23:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-02 18:22 - 2016-01-21 23:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-02 18:22 - 2016-01-21 23:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-02 18:22 - 2016-01-21 23:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-02 18:22 - 2016-01-21 23:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-02 18:22 - 2016-01-21 23:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-02 18:22 - 2016-01-21 23:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-02 18:22 - 2016-01-21 23:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-02 18:22 - 2016-01-21 23:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-02 18:22 - 2016-01-21 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-02 18:22 - 2016-01-21 23:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-03-02 18:22 - 2016-01-21 23:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-03-02 18:22 - 2016-01-21 23:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-02 18:22 - 2016-01-21 23:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-02 18:22 - 2016-01-21 23:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-02 18:22 - 2016-01-21 23:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-03-02 18:22 - 2016-01-21 23:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-02 18:22 - 2016-01-21 23:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-03-02 18:22 - 2016-01-21 23:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-02 18:22 - 2016-01-21 22:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-02 18:22 - 2016-01-21 22:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-02 18:22 - 2016-01-21 22:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-02 18:22 - 2016-01-21 21:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-02 18:22 - 2016-01-21 21:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-02 18:22 - 2016-01-21 21:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-02 18:22 - 2016-01-21 21:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-02 18:22 - 2016-01-21 21:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-02 18:22 - 2016-01-21 21:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-02 18:22 - 2016-01-21 21:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-02 18:22 - 2016-01-21 21:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-02 18:22 - 2016-01-21 21:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-02 18:22 - 2016-01-21 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-02 18:22 - 2016-01-21 21:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 21:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 21:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-02 18:22 - 2016-01-21 21:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-02 18:22 - 2015-12-08 14:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-03-02 18:22 - 2015-12-08 14:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-03-02 18:22 - 2015-12-08 14:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-03-02 18:22 - 2015-12-08 14:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-03-02 18:22 - 2015-12-08 14:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-03-02 18:22 - 2015-12-08 14:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-03-02 18:22 - 2015-12-08 14:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-03-02 18:22 - 2015-12-08 14:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-03-02 18:22 - 2015-12-08 14:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-03-02 18:22 - 2015-12-08 14:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-03-02 18:22 - 2015-12-08 14:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-03-02 18:22 - 2015-12-08 14:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-03-02 18:22 - 2015-12-08 14:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-03-02 18:22 - 2015-12-08 14:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-03-02 18:22 - 2015-12-08 14:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-03-02 18:22 - 2015-12-08 14:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-03-02 18:22 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-03-02 18:22 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-03-02 18:22 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-03-02 18:22 - 2015-12-08 14:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-03-02 18:22 - 2015-12-08 14:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-03-02 18:22 - 2015-12-08 14:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-03-02 18:22 - 2015-12-08 14:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-03-02 18:22 - 2015-12-08 14:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-03-02 18:22 - 2015-12-08 14:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-03-02 18:22 - 2015-12-08 14:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-03-02 18:22 - 2015-12-08 12:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-03-02 18:22 - 2015-12-08 12:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-03-02 18:22 - 2015-12-08 12:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-03-02 18:22 - 2015-12-08 12:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-03-02 18:22 - 2015-12-08 12:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-03-02 18:22 - 2015-12-08 12:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-03-02 18:22 - 2015-12-08 11:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-03-02 18:22 - 2015-12-08 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-03-02 18:22 - 2015-12-08 11:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-03-02 18:22 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-03-02 18:22 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-03-02 18:22 - 2015-11-13 16:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-03-02 18:22 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-03-02 18:22 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-03-02 18:22 - 2015-11-13 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-03-02 18:21 - 2016-01-22 13:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-02 18:21 - 2016-01-22 13:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-02 18:21 - 2016-01-21 23:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-02 18:21 - 2016-01-21 23:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-02 18:21 - 2016-01-21 23:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-02 18:21 - 2016-01-21 23:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-02 18:21 - 2016-01-21 23:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-02 18:21 - 2016-01-21 23:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-02 18:21 - 2016-01-21 23:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-02 18:21 - 2016-01-21 23:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-02 18:21 - 2016-01-21 23:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-02 18:21 - 2016-01-21 23:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-02 18:21 - 2016-01-21 23:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-02 18:21 - 2016-01-21 23:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-02 18:21 - 2016-01-21 23:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-02 18:21 - 2016-01-21 23:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-02 18:21 - 2016-01-21 23:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-02 18:21 - 2016-01-21 23:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-02 18:21 - 2016-01-21 23:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-02 18:21 - 2016-01-21 23:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-02 18:21 - 2016-01-21 23:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-02 18:21 - 2016-01-21 23:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-02 18:21 - 2016-01-21 23:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-02 18:21 - 2016-01-21 23:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-02 18:21 - 2016-01-21 23:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-02 18:21 - 2016-01-21 23:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-02 18:21 - 2016-01-21 23:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-02 18:21 - 2016-01-21 22:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-02 18:21 - 2016-01-21 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-02 18:21 - 2016-01-21 22:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-02 18:21 - 2016-01-21 22:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-02 18:21 - 2016-01-21 22:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-02 18:21 - 2016-01-21 22:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-02 18:21 - 2016-01-21 22:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-02 18:21 - 2016-01-21 22:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-02 18:21 - 2016-01-21 22:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-02 18:21 - 2016-01-21 22:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-02 18:21 - 2016-01-21 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-02 18:21 - 2016-01-21 22:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-02 18:21 - 2016-01-21 22:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-02 18:21 - 2016-01-21 22:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-02 18:21 - 2016-01-21 22:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-02 18:21 - 2016-01-21 22:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-02 18:21 - 2016-01-21 22:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-02 18:21 - 2016-01-21 22:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-02 18:21 - 2016-01-21 22:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-02 18:21 - 2016-01-21 22:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-02 18:21 - 2016-01-21 22:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-02 18:21 - 2016-01-21 22:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-02 18:21 - 2016-01-21 22:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-02 18:21 - 2016-01-21 22:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-02 18:21 - 2016-01-21 22:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-02 18:21 - 2015-12-08 14:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-03-02 18:21 - 2015-12-08 12:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-03-02 18:20 - 2016-02-06 03:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-02 18:20 - 2016-02-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-02 18:20 - 2016-02-06 03:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-02 18:20 - 2016-02-06 03:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-02 18:20 - 2016-02-06 03:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-02 18:20 - 2016-02-06 03:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-02 18:20 - 2016-02-06 02:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-02 18:20 - 2016-02-06 02:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-02 18:20 - 2016-02-06 02:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-02 18:20 - 2016-02-06 02:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-02 18:20 - 2016-02-06 02:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-02 18:20 - 2016-02-06 02:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-02 18:20 - 2016-02-06 02:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-02 18:20 - 2016-02-06 01:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-02 18:20 - 2016-01-16 12:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-02 18:20 - 2016-01-16 11:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-02 18:20 - 2016-01-07 10:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-02 18:20 - 2015-12-11 11:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-02 18:20 - 2015-11-16 13:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-03-02 18:19 - 2016-01-06 12:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-03-02 18:19 - 2016-01-06 12:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-03-02 18:19 - 2016-01-06 11:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-03-02 18:19 - 2015-12-20 11:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-03-02 18:19 - 2015-12-20 11:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-03-02 18:19 - 2015-12-20 07:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-03-02 18:19 - 2015-12-08 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-03-02 18:19 - 2015-12-08 12:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-03-02 18:19 - 2015-11-11 11:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-02 18:19 - 2015-11-11 11:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-03-02 18:19 - 2015-11-11 11:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-02 18:19 - 2015-11-11 11:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-03-02 18:19 - 2015-11-10 11:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-03-02 18:19 - 2015-11-10 11:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-03-02 18:19 - 2015-11-10 11:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-03-02 18:19 - 2015-11-10 11:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-03-02 18:19 - 2015-11-10 11:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-03-02 18:19 - 2015-11-05 12:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-03-02 18:19 - 2015-11-05 12:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-03-02 18:19 - 2015-11-05 02:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-03-02 18:18 - 2016-01-07 10:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-03-02 18:18 - 2015-11-03 12:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-03-02 18:18 - 2015-11-03 12:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-03-02 18:18 - 2015-11-03 11:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-03-02 18:18 - 2015-11-03 11:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-02-29 17:20 - 2016-02-29 17:20 - 00060623 _____ C:\Users\Jill Davis\Downloads\ManageAttachments.php
2016-02-22 06:27 - 2016-02-22 06:27 - 00000000 ____D C:\Users\Public\Documents\sun
2016-02-22 06:26 - 2016-02-22 06:26 - 00000000 ____D C:\Users\Jill Davis\AppData\Roaming\LibreOffice
2016-02-22 06:24 - 2016-02-22 06:24 - 00001500 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
2016-02-22 06:24 - 2016-02-22 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2016-02-22 06:23 - 2016-02-22 06:24 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-02-21 20:11 - 2016-02-21 20:17 - 224387072 _____ C:\Users\Jill Davis\Downloads\LibreOffice_5.0.5_Win_x86.msi
2016-02-14 01:33 - 2016-02-21 03:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 16:56 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-08 16:56 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-08 16:54 - 2014-05-08 15:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b0e3d8bf2e8.job
2016-03-08 16:52 - 2011-03-05 15:34 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-03-08 16:48 - 2015-05-14 06:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08e4ded10f36f.job
2016-03-08 16:48 - 2015-02-06 02:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041f3a890ea6.job
2016-03-08 16:48 - 2014-06-20 12:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8cbff5326328.job
2016-03-08 16:48 - 2011-12-20 01:20 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2016-03-08 16:48 - 2010-05-24 07:45 - 00659456 _____ C:\Users\Jill Davis\Documents\MyCalendar.ecf
2016-03-08 16:48 - 2010-04-30 19:34 - 00078032 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2016-03-08 16:47 - 2011-03-05 15:34 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-03-08 16:47 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-08 16:39 - 2011-03-05 15:34 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2016-03-08 16:00 - 2015-02-06 02:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d041f3b72845c.job
2016-03-08 16:00 - 2014-10-18 05:49 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfead1f398989e.job
2016-03-08 15:01 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-08 15:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-03-08 04:07 - 2010-05-24 08:03 - 00000000 ____D C:\Users\Jill Davis\Documents\EfficientPIM AutoBackup
2016-03-08 03:59 - 2010-05-14 22:01 - 00000000 ____D C:\Windows\Minidump
2016-03-08 03:58 - 2010-05-14 22:01 - 616603384 _____ C:\Windows\MEMORY.DMP
2016-03-08 00:51 - 2013-03-22 00:50 - 00000000 ____D C:\Users\Jill Davis\Documents\8 - log files, sec stuff
2016-03-06 21:59 - 2015-12-28 17:45 - 00135912 _____ C:\Users\brynn1\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-05 04:34 - 2010-05-04 21:16 - 00000000 ____D C:\Users\Jill Davis\Documents\1 - temp stuff
2016-03-03 22:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-03-02 19:24 - 2009-07-13 21:45 - 00606112 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-02 19:23 - 2012-04-06 00:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-02 19:19 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-02 18:53 - 2013-07-10 01:02 - 00000000 ____D C:\Windows\system32\MRT
2016-03-02 18:44 - 2010-04-30 04:10 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-02 18:43 - 2012-04-06 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-02 18:41 - 2012-04-06 00:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-22 06:32 - 2010-04-27 15:22 - 00135912 _____ C:\Users\Jill Davis\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-22 06:30 - 2010-06-01 15:23 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2016-02-21 03:06 - 2012-04-25 20:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-17 17:55 - 2015-10-31 22:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-14 01:07 - 2014-12-12 18:09 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-14 01:07 - 2014-12-12 18:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-04-30 19:01 - 2010-04-30 19:04 - 0000046 _____ () C:\Users\Jill Davis\AppData\Roaming\FactoryInstaller.xml
2014-08-24 12:36 - 2015-09-01 16:35 - 0000146 _____ () C:\Users\Jill Davis\AppData\Roaming\licecap.ini
2010-04-30 19:03 - 2010-04-30 19:04 - 11310752 _____ (Absolute Software Corp. ) C:\Users\Jill Davis\AppData\Roaming\LoJackSetup.exe
2011-08-02 09:19 - 2012-04-13 15:03 - 0000304 _____ () C:\Users\Jill Davis\AppData\Roaming\wklnhst.dat
2016-03-08 15:01 - 2016-03-08 15:01 - 0019519 _____ () C:\Users\Jill Davis\AppData\Local\recently-used.xbel
2010-10-03 04:45 - 2014-12-13 17:58 - 0007636 _____ () C:\Users\Jill Davis\AppData\Local\Resmon.ResmonCfg
2014-07-01 23:25 - 2014-07-01 23:25 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2015-11-17 23:41 - 2015-11-17 23:41 - 0000003 _____ () C:\ProgramData\Notifier.txt

Some files in TEMP:
====================
C:\Users\Jill Davis\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\W
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Tue Mar 08, 2016 4:18 pm    Post subject: Reply with quote

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Jill Davis (2016-03-08 16:56:52)
Running from C:\Users\Jill Davis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-04-27 22:22:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-903929088-2894619512-514016229-500 - Administrator - Disabled)
brynn1 (S-1-5-21-903929088-2894619512-514016229-1003 - Limited - Enabled) => C:\Users\brynn1
Guest (S-1-5-21-903929088-2894619512-514016229-501 - Limited - Disabled)
Jill Davis (S-1-5-21-903929088-2894619512-514016229-1000 - Administrator - Enabled) => C:\Users\Jill Davis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 9.9.47.12 - Absolute Software)
Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.17 - STMicroelectronics)
Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ATI AVIVO64 Codecs (Version: 10.12.0.00122 - ATI Technologies Inc.) Hidden
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.1118.1259 - )
ATI Catalyst Install Manager (HKLM\...\{3EF53D70-F472-9A93-2E09-737FBB4A5AE8}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version: - PopCap Games)
Bitvise SSH Client 4.51 (remove only) (HKLM-x32\...\BvSshClient) (Version: - )
ccc-core-static (x32 Version: 2009.1118.1260.23275 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0122.858.16002 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Complete Care Consumer Service Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Cubemaster Gold v4.3 (HKLM-x32\...\Cubemaster_Gold_v4.3) (Version: - )
Dell Driver Download Manager (HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Mobile Broadband Manager (HKLM-x32\...\{23EEC842-57ED-4055-A056-9D4185DFB1AA}) (Version: 6.1.11.3 - Dell)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5744.02 - Dell Inc.)
Dell Support Center (Version: 3.0.5744.02 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.1.13.8 - Dell)
Efficient Calendar Free 1.68 (HKLM-x32\...\Efficient Calendar Free_is1) (Version: - Efficient Software)
Enigma (HKLM-x32\...\Enigma) (Version: 1.20 - Enigma Devel)
ESET Smart Security (HKLM\...\{11994064-51F2-45DF-A83E-539B4BFE3F5A}) (Version: 9.0.318.0 - ESET, spol. s r.o.)
EULAlyzer 2.0 (HKLM-x32\...\EULAlyzer_is1) (Version: 2.0.0 - Javacool Software LLC)
GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
Gold Miner SE Free Trial (HKLM-x32\...\Gold Miner SE Free Trial_is1) (Version: - Grab Games)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
Hexagon Mahjongg (HKLM-x32\...\Hexagon Mahjongg) (Version: 1.00.08.03.26 - Selectsoft Publishing)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6267.0 - IDT)
Inkscape 0.91 (HKLM-x32\...\Inkscape) (Version: 0.91 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.00.1030 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Jardinains! (HKLM-x32\...\Jardinains!) (Version: - )
Jewel Quest II (remove only) (HKLM-x32\...\Jewel Quest II) (Version: - )
Jewel Quest Solitaire II (remove only) (HKLM-x32\...\Jewel Quest Solitaire II) (Version: - )
Jungle Fruit Free Trial (HKLM-x32\...\Jungle Fruit Free Trial_is1) (Version: - JetAcer)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
Liong the Dragon Free Trial (HKLM-x32\...\Liong the Dragon Free Trial_is1) (Version: - Always Neat)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Mah Jong Quest II (remove only) (HKLM-x32\...\Mah Jong Quest II) (Version: - )
Mahjong Journey of Enlightenment (HKLM-x32\...\Mahjong Journey of Enlightenment) (Version: - )
Mahjong World (HKLM-x32\...\Mahjong World) (Version: - )
Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
NASA World Wind 1.4 (HKLM-x32\...\NASA World Wind 1.4) (Version: - )
NASAEyes (HKLM-x32\...\{3E9B108D-9985-4043-B0B0-29F29221C9A6}) (Version: 1.0.0.0 - JPL/NASA-Caltech)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Puzzle Express Free Trial (HKLM-x32\...\Puzzle Express Free Trial) (Version: - )
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
RENESIS® Player Browser Plugins (HKLM-x32\...\{2CBE278F-B04E-419B-BF25-98DC25997C3A}) (Version: 1.1.1 - examotion® GmbH)
RENESIS® Player Windows Thumbnail Plugin (HKLM-x32\...\{7AEC1844-D580-4D5D-8A1C-6DB7BDEDC2C9}) (Version: 1.1.1 - examotion® GmbH)
RICOH Media Driver ver.2.07.01.04 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.04 - RICOH)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
ShisenSho 0.3.0 (HKLM-x32\...\ShisenSho) (Version: 0.3.0 - Danny Strümpel)
Skins (x32 Version: 2009.1118.1260.23275 - ATI) Hidden
SmileyPad v2.28 (HKLM-x32\...\SmileyPad_is1) (Version: - SmileyPad)
Sound Blaster X-Fi MB (HKLM-x32\...\{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sudoku, Kakuro + Friends 1.00 (HKLM-x32\...\Sudoku, Kakuro + Friends) (Version: 1.00 - cerasus.media)
SVG Explorer Extension 0.1.1 (HKLM\...\{4CA20D9A-98AC-4DD6-9C16-7449F29AC08A}_is1) (Version: 0.1.1 - Dotz Softwares)
Tupi version 0.2-4 (HKLM-x32\...\Tupi_is1) (Version: 0.2-4 - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Twistingo Free Trial (HKLM-x32\...\Twistingo Free Trial_is1) (Version: - AlwaysNeat)
Virus 3 Free Trial (HKLM-x32\...\Virus 3 Free Trial_is1) (Version: - Jetacer Interactive)
Visual IRC 2.0 (HKLM-x32\...\Visual IRC_is1) (Version: - MeGALiTH Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {040A0D42-3F15-4DB1-90A4-7E56BEF8CE9E} - System32\Tasks\{3ADB18A6-BB39-4FCA-A827-B9FAF32091E2} => C:\Program Files (x86)\CHMC\Digital Photo Album for the CASIO EXILIM Phone\MssAlbum.exe
Task: {0774E6F9-598B-4884-B103-F6B2CC758026} - System32\Tasks\GoogleUpdateTaskMachineCore1d041f3a890ea6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0BFED869-2411-4343-9EF2-DFF7EBDEC661} - System32\Tasks\{B7F4ECE2-1D8B-4302-B60D-EA5AFB03E425} => C:\Program Files (x86)\Games\iWin Games\iWinGames.exe
Task: {0D43E211-F9C3-4CBB-BAC8-087E244630BA} - System32\Tasks\{BEA08920-0C74-4CEA-81DB-E212F5D7A875} => pcalua.exe -a "C:\Users\Jill Davis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYE6YPPX\CASIOUSBDriverV1.0.8003.1229[1].exe" -d "C:\Users\Jill Davis\Desktop"
Task: {0E1F8561-C446-476B-8DBB-5EBF10D8BE22} - System32\Tasks\{FB3216D8-BF54-45E3-BFA9-439DB9D32193} => C:\Program Files (x86)\SmileyPad\SmileyPad.exe [2006-04-14] (SmileyPad)
Task: {1CFECC83-418B-4857-83A0-396BA0251F3F} - System32\Tasks\{91430531-60BB-4AA3-AA55-49583D8D3027} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\email stationery\artsy.exe" -d "C:\Users\Jill Davis\Downloads\email stationery"
Task: {1E1A6280-37F9-4199-BC2D-1CCE7BD364C5} - System32\Tasks\{C7D1BE81-F1D6-44E7-8ECD-DC00CDEE8200} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\email stationery\purple.exe" -d "C:\Users\Jill Davis\Downloads\email stationery"
Task: {232077C5-EF74-4BD8-9D42-45710A08D4C1} - System32\Tasks\{FBC2045D-A358-471C-A7C7-A121FA104449} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\email stationery\summer.exe" -d "C:\Users\Jill Davis\Downloads\email stationery"
Task: {2552E018-8755-49DE-8C53-DF18522A076B} - System32\Tasks\{7DCE5C0A-0F3E-4FF2-935B-A434DC8AD038} => C:\Program Files (x86)\SmileyPad\SmileyPad.exe [2006-04-14] (SmileyPad)
Task: {2E77E78E-541C-43C0-8DAF-27DF4F0B341B} - System32\Tasks\{5A5BA139-4760-42A5-A373-ACF8FDF2164C} => C:\Program Files (x86)\SmileyPad\SmileyPad.exe [2006-04-14] (SmileyPad)
Task: {4A7F1D4D-BD35-46C7-88F0-4C937E1DF2A8} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b0e3d8bf2e8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5772AC9E-D5F4-4F79-8C8D-C91A9E9FFA1C} - System32\Tasks\{E2CC502F-5C6F-47EB-80DB-9AADAB538504} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\email stationery\blue.exe" -d "C:\Users\Jill Davis\Downloads\email stationery"
Task: {67276341-899D-443B-BC53-E585A49574C1} - System32\Tasks\{63A80775-13D2-4E96-8153-8CFF6B739C1E} => C:\Program Files (x86)\Games\Bejeweled 2 Deluxe\Bejeweled2.exe [2010-12-09] (PopCap.com)
Task: {6EBD93DE-311F-494D-BE6C-61B5D69A278B} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {70A1AE34-F58F-45D5-9C6C-0A027A6FF815} - System32\Tasks\{896DF819-D42B-40A1-885F-5B8A679F7F95} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\email stationery\green.exe" -d "C:\Users\Jill Davis\Downloads\email stationery"
Task: {7DE9E2A3-C92A-4388-818C-7EDD5AC6B3FE} - System32\Tasks\{0A63FF32-7CAC-488A-8BF8-3FF2588C1ABD} => Firefox.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {7E2EB650-4C3C-4A74-9EB9-A7D4BD195865} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {800EAF46-F4D5-4E6B-9821-437FE731C9FD} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {863DFD61-C187-4178-9136-E7FC2F8D5F75} - System32\Tasks\{85418C8C-84D3-4DC0-AC65-B903C0F61895} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\email stationery\nature.exe" -d "C:\Users\Jill Davis\Downloads\email stationery"
Task: {8D08A73B-27E9-4187-9398-8061D7083231} - System32\Tasks\{99AD2B23-4B51-460E-991B-055B12694643} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\email stationery\wild.exe" -d "C:\Users\Jill Davis\Downloads\email stationery"
Task: {9560671A-B428-42C4-A027-D4A7F983B3A2} - System32\Tasks\{A5376DDE-8C14-417D-8060-6D6D42DD08FE} => pcalua.exe -a "C:\Drivers\updated drivers 5-2-10\R258794.exe" -d "C:\Drivers\updated drivers 5-2-10"
Task: {96F14247-B3B7-48CE-BC32-C80941BCAB5A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {AABB958F-5768-4A95-B544-CF6E6C7B64D1} - System32\Tasks\{CB8476C4-E34D-4226-9540-7B6C14375C87} => pcalua.exe -a "D:\DRIVER\CASIO USB Driver V1.0.8003.1229.exe" -d D:\DRIVER
Task: {B1335461-A5C4-4EBA-9296-39DC6AA04DBF} - System32\Tasks\{B5211964-53E2-4DA0-97AD-62D239794240} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\directx_9c_oct05sdk_redist.exe" -d "C:\Users\Jill Davis\Downloads"
Task: {BB17C841-12CF-401C-A975-010FD25FB29C} - System32\Tasks\{CC0F878E-84E7-47F9-AC54-3FE5E18A6AA2} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\email stationery\thankyou.exe" -d "C:\Users\Jill Davis\Downloads\email stationery"
Task: {BCC576CA-1E43-4853-93AA-A5AB2E6C604B} - System32\Tasks\{DE4290A0-1E40-40D1-B69E-CD478AAB6801} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\Alchemy-008\Alchemy\Alchemy.exe" -d "C:\Users\Jill Davis\Downloads\Alchemy-008\Alchemy"
Task: {BF74A1F1-5A33-41D0-B5CA-278F57AFE6C0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C1EB2D1D-F9F7-47D2-9C01-FAB29D7BF138} - System32\Tasks\{2E16EC94-1C10-4AC7-B167-9E6B6989C3EA} => pcalua.exe -a "C:\Users\Jill Davis\Downloads\email stationery\flowers.exe" -d "C:\Users\Jill Davis\Downloads\email stationery"
Task: {CBD87118-12D4-4A11-AE96-46848D3DF6C6} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8cbff5326328 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CE33592A-475B-425D-8B38-D4F24F2516B4} - System32\Tasks\GoogleUpdateTaskMachineUA1d041f3b72845c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D8203708-93BB-4B74-8839-0A2E68BBCA2C} - System32\Tasks\GoogleUpdateTaskMachineUA1cfead1f398989e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D8309798-96B6-4E01-99D5-0AD88B2DB01D} - System32\Tasks\{165584B2-68B1-426F-8BD0-CCC2B9F1F507} => C:\Program Files (x86)\SmileyPad\SmileyPad.exe [2006-04-14] (SmileyPad)
Task: {DB74A7C6-B853-4E13-AFD2-224EAB921062} - System32\Tasks\GoogleUpdateTaskMachineCore1d08e4ded10f36f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DC6D84A1-347F-49CC-9DCC-C73C182CA576} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {E6EBB261-5E74-4491-A1FB-E662E32C0A47} - System32\Tasks\{AFB901CE-46E6-4DE2-8C32-65C687E970E4} => C:\Program Files (x86)\CHMC\Digital Photo Album for the CASIO EXILIM Phone\MssAlbum.exe
Task: {E908AEA7-5A0C-4EE7-B1F2-5DFBDC3B170A} - System32\Tasks\{E2B0645F-C484-4B85-9874-4DE84ACD1373} => pcalua.exe -a "C:\Users\Jill Davis\Documents\My Stationery\artsy.exe" -d "C:\Users\Jill Davis\Documents\My Stationery"
Task: {E9E507E0-55D7-402D-97F4-FB7C1ECCC3A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8cbff5326328.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041f3a890ea6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08e4ded10f36f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b0e3d8bf2e8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfead1f398989e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d041f3b72845c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-09-21 12:04 - 2009-09-21 12:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-03-25 12:53 - 2009-06-23 14:02 - 00060928 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
2012-06-18 08:24 - 2012-06-18 08:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2010-03-25 12:53 - 2009-07-22 06:52 - 02384896 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
2009-09-21 12:04 - 2009-09-21 12:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2009-12-15 20:14 - 2009-12-15 20:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2010-05-02 22:45 - 2009-11-26 10:53 - 00447488 ____R () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
2014-12-19 09:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-19 09:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-19 09:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-19 09:17 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-19 09:17 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-05-02 22:45 - 2009-03-25 19:08 - 00058880 ____R () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\MBMDebug.dll
2015-12-22 07:02 - 2015-12-22 07:02 - 00069632 _____ () C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\bin\PlainOldFavorites.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:16CF9527 [276]
AlternateDataStreams: C:\ProgramData\TEMP:4FD750D6 [284]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [116]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more sites.

IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\//irc.freenode.net/#scribus -> //irc.freenode.net/#scribus
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\absolute.com -> hxxps://lojackforlaptops.absolute.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\acronis.com -> hxxps://acronis.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\acronis.com -> hxxp://acronis.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\adobe.com -> hxxp://adobe.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\adobe.com -> hxxps://adobe.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\ati.com -> hxxp://ati.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\bbb.org -> hxxp://www.bbb.org
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\berlios.de -> hxxp://berlios.de
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\calendarofupdates.com -> hxxp://www.calendarofupdates.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\cirque.com -> hxxp://www.cirque.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\cleverbridge.com -> hxxp://cleverbridge.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\cnet.com -> hxxp://cnet.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\com.com -> hxxp://dw.com.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\dell.com -> ftp.us.dell.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\dellconnect.com -> hxxp://www.dellconnect.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\dellsupportcenter.com -> hxxp://dellsupportcenter.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\denvergov.org -> hxxp://www.denvergov.org
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\deviantart.com -> hxxp://deviantart.com
IE trusted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\deviantart.com -> hxxps://deviantart.com

There are 105 more sites.

IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12684 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-01-24 17:22 - 00499989 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com
0.0.0.0 content.ad20.net
0.0.0.0 core.ad20.net
0.0.0.0 banner.ad.nu

There are 12286 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-903929088-2894619512-514016229-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jill Davis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B708371-C040-4359-BEE4-55C8E6D6BA12}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F330193C-AC22-417A-B914-B18658857633}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D3E6087A-4D23-4C12-B9A4-0202BF3693AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{56EFF900-AD9C-476E-8F0E-F80665491B23}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{1C41E17E-258B-4FD6-A6DC-B289C2684AFA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{590C9088-2CC1-4068-BBA2-BEF40CF48DA2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AE9564EB-DCF2-400E-ADDF-84A21F128CDB}] => (Allow) svchost.exe
FirewallRules: [{3F0A3CF3-FF48-45AE-938F-6668A1CC0041}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3812C437-67CD-4B4B-A034-6F6490EAF4A2}] => (Allow) C:\Program Files (x86)\Games\iWin Games\iWinGames.exe
FirewallRules: [{99F3531C-ACCE-44DA-A213-EA28EC0D843D}] => (Allow) C:\Program Files (x86)\Games\iWin Games\iWinGames.exe
FirewallRules: [{1E04B683-C89F-44C5-A068-B044AD223F65}] => (Allow) C:\Program Files (x86)\Games\iWin Games\WebUpdater.exe
FirewallRules: [{159653CC-EDEC-4944-8088-887A4A18E86B}] => (Allow) C:\Program Files (x86)\Games\iWin Games\WebUpdater.exe
FirewallRules: [{C0BB70A0-E92C-4CC1-B128-F180E43E8F71}] => (Allow) C:\Program Files (x86)\Games\iWin Games Manager\iWinGames.exe
FirewallRules: [{26699BD5-2984-4135-B90C-D0BCEB8F3718}] => (Allow) C:\Program Files (x86)\Games\iWin Games Manager\iWinGames.exe
FirewallRules: [{5CDCCB8A-4DC2-4883-AD18-2B7639B2EAD3}] => (Allow) C:\Program Files (x86)\Games\iWin Games Manager\WebUpdater.exe
FirewallRules: [{C8326F5D-1E28-47CC-9EE2-F1E7204B9984}] => (Allow) C:\Program Files (x86)\Games\iWin Games Manager\WebUpdater.exe
FirewallRules: [{3BD0C029-38AF-47F8-B220-11D726D80B8C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5907C384-5BF4-490E-9E6A-CACEB56FC6DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC01E500-2B7F-44E4-BDF5-A9AF7B0DAFF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C67FFC72-5214-4A35-8959-C9DA30047B7C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

22-02-2016 06:20:34 Installed LibreOffice 5.0.5.2
22-02-2016 06:28:19 Removed OpenOffice.org 3.2
29-02-2016 19:07:54 Windows Update
02-03-2016 18:22:59 Windows Update
07-03-2016 19:06:48 Windows Update
07-03-2016 19:36:21 Removed GlidePoint® Touchpad Driver 3 (64-bit)
07-03-2016 19:41:25 Installed GlidePoint® Touchpad Driver 3 (64-bit)
08-03-2016 10:09:40 Removed GlidePoint® Touchpad Driver 3 (64-bit)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2016 02:08:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: glidesvc.exe, version: 3.4.1.4, time stamp: 0x4a0c92bd
Faulting module name: hid.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf19
Exception code: 0xc0000005
Fault offset: 0x0000000000003e79
Faulting process id: 0x944
Faulting application start time: 0xglidesvc.exe0
Faulting application path: glidesvc.exe1
Faulting module path: glidesvc.exe2
Report Id: glidesvc.exe3

Error: (03/07/2016 06:37:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/07/2016 06:37:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/06/2016 05:09:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: glidesvc.exe, version: 3.5.3.5, time stamp: 0x4d910386
Faulting module name: hid.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf19
Exception code: 0xc0000005
Fault offset: 0x0000000000003e79
Faulting process id: 0x8c0
Faulting application start time: 0xglidesvc.exe0
Faulting application path: glidesvc.exe1
Faulting module path: glidesvc.exe2
Report Id: glidesvc.exe3

Error: (03/01/2016 05:05:10 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/01/2016 05:03:40 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/01/2016 05:03:35 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/01/2016 05:03:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (02/28/2016 01:42:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417
Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e
Exception code: 0x80000003
Fault offset: 0x0000ed3b
Faulting process id: 0x878
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/28/2016 01:42:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 44.0.2.5884 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1414

Start Time: 01d1713e1f89ec0f

Termination Time: 19770

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 161180cd-ddf7-11e5-a539-b8ac6f5cd4e7


System errors:
=============
Error: (03/08/2016 04:47:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (03/08/2016 04:46:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (03/08/2016 04:46:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (03/08/2016 04:46:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (03/08/2016 04:46:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (03/08/2016 04:45:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (03/08/2016 04:45:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/08/2016 04:45:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/08/2016 04:45:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/08/2016 04:45:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-03-08 04:13:46.509
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-08 04:13:46.384
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-08 04:05:28.880
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-08 04:05:28.756
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-08 04:01:52.831
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-08 04:01:52.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-08 03:59:58.774
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-08 03:59:58.650
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-08 03:59:22.287
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-08 03:59:22.162
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\glideusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 50%
Total physical RAM: 4028.54 MB
Available physical RAM: 1997.29 MB
Total Virtual: 8055.28 MB
Available Virtual: 5776.96 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:205.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: DF180B05)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Tue Mar 08, 2016 4:26 pm    Post subject: Reply with quote

Ok, I think I got them alright. I might have forgotten to run AdwCleaner as admin. It gave me a file, so I think it worked ok, but I can redo it if necessary.

Thank you very much Very Happy
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Wed Mar 09, 2016 7:58 am    Post subject: Reply with quote

Hi Brynn,
Quote:
Sorry for the duplicate posts. I kept getting an error that the server was reset, and I didn't realize the message was being posted each time re-sent it. I thought it wasn't being posted at all.
No problem Wink
Quote:
I have a question about your instructions to make a backup. I do back up my system, more or less regularly, and did so within the last week or so. But if I suspect there might be a malware, won't backing up risk infecting the storage device?
Possibly, but having an infected backup is better than no backup at all.
It's rare that something goes wrong during the cleaning process but it has happened.
Quote:
Just for your info. Since posting the op, the external mouse (and now I suspect its software has become corrupt somehow) died completely. So I have uninstalled it again, and I'm using the laptop's built-in mouse (which is pretty awful, and the reason I use the external mouse in the first place - but it's better than nothing Wink)

There are signs of infection in your logs that we will take care of, but i can's say that this is causing the problems you describe.
Lets clean things up and see.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy and Paste the following script into Notepad, Do not include the word Code:

    Code:

    HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\MountPoints2: {691027b4-6fe0-11df-a3cc-b8ac6f5cd4e7} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\MountPoints2: {6e36d8ed-3c83-11e1-a9d8-b8ac6f5cd4e7} - "E:\WD SmartWare.exe" autoplay=true
    ProxyEnable: [S-1-5-21-903929088-2894619512-514016229-1000] => Proxy is enabled.
    ProxyServer: [S-1-5-21-903929088-2894619512-514016229-1000] => localhost:21320
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-903929088-2894619512-514016229-1000 -> {420AC160-6991-4D32-B3A2-87FDDA1BD499} URL =
    SearchScopes: HKU\S-1-5-21-903929088-2894619512-514016229-1000 -> {A9A2CB49-FE1A-472B-B717-A5890A62BEAF} URL =
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_18\bin\jp2ssv.dll => No File
    C:\Users\Jill Davis\AppData\Local\Temp\sqlite3.dll
    AlternateDataStreams: C:\ProgramData\TEMP:16CF9527 [276]
    AlternateDataStreams: C:\ProgramData\TEMP:4FD750D6 [284]
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
    AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [116]

    Hosts:
    EmptyTemp:
    RemoveProxy:
    CMD: ipconfig /flushdns

  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

Run Microsoft Safety Scanner

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to Microsoft Safety Scanner

  • Click Download Now
  • When asked to Run or Save, choose Run. (Unless it's to be run on a different PC)
  • OK the User Account Permission or the query "Do you want to run this software".
  • If you get a message saying "running this type of program could harm your computer" or similar, just ignore it and tell it to Run anyway.
  • Click the box to Accept the license agreement. Click Next.
  • Click Next to run the Scan.
  • Click the Quick Scan button. (... also Full Scan option)
  • Click Next

  • (If it finds nothing, it will just Exit. It still does create a report file.)
  • If it has found anything, check the box titled "Help Remove potentially unwanted software"
  • Click Next.
  • (The Dialog label will become "Cleaning your computer"). It may take a while.
  • After this operation completes, click Finish.
  • When removals are complete, it will report through a link, "View detailed results of the scan"
  • Clicking the link will popup a report in Notepad.
  • Please post the contents of the file in a reply.
  • The report file is also saved here: C:\Windows\debug\msert.log


Logs/Information to Post in your Next Reply
  • FRST Fixlog.txt.
  • msert.log.
  • Please give me an update on your computers performance.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Wed Mar 09, 2016 5:56 pm    Post subject: Reply with quote

Ok, so I've finished the first part. Do I understand correctly that was to fix whatever went wrong with the adware cleaning?

Edit - The alert from WinPatrol about a RunOnce startup program was expected? I ok'd it.

Regarding the 2nd part, do I understand correctly that you want me to remain logged on to the internet with my av disabled?

Would it be any safer if I browse to the MS page before I disable it?

When I click the Quick Scan button, is it going to close my browser, like the previous Fix did? Just want to know if I need to write down the next steps.

At what point do I re-enable the av? After I click Finish?

When you want an update on my computer's performance, do you mean that I should reinstall the external mouse's software, and reconnect the mouse?

Thanks Smile
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Wed Mar 09, 2016 6:10 pm    Post subject: Reply with quote

When I reinstalled the mouse sw the first time, I reinstalled from a file I had on my computer. Now I'm suspecting that's become corrupted.

But maybe not, who knows, at this point?

Anyway, I think I might have a cd of the current software, so I wonder if I should reinstall from the cd?

I realize that if the problem is with the software I had previously installed, and if it seems to be fixed after installing from cd, we won't really know if the problem was the traces of malware that you saw, or the mouse sw.

It's just that reinstalling that file that I think could be corrupt would risk another crash. So I'm not sure which would be the best way.

What do you think?

Thanks.
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Mar 10, 2016 3:16 am    Post subject: Reply with quote

Quote:
Ok, so I've finished the first part. Do I understand correctly that was to fix whatever went wrong with the adware cleaning?

Nothing went wrong with the adware cleaning, that last fix was for some items that showed in the FRST scan you ran.
Please post the FRST Fixlog.txt in your next reply.
Quote:
Regarding the 2nd part, do I understand correctly that you want me to remain logged on to the internet with my av disabled?

Yes just while you run the Microsoft Safety Scanner, you can re-enable your AV after the scan.
Regarding the problem with your mouse, we need to clean your computer then see where we stand.
If malware is not the cause of your mouse problem, i will need to direct yo to a forum who deal with non-malware related problems.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Thu Mar 10, 2016 3:32 am    Post subject: Reply with quote

Quote:
Nothing went wrong with the adware cleaning, that last fix was for some items that showed in the FRST scan you ran.


Oh, I misunderstood one of your earlier comments. Sorry.

Here's the last log, and I'll work on the next step.

TA

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Jill Davis (2016-03-09 18:31:15) Run:1
Running from C:\Users\Jill Davis\Desktop
Loaded Profiles: Jill Davis (Available Profiles: Jill Davis & brynn1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\MountPoints2: {691027b4-6fe0-11df-a3cc-b8ac6f5cd4e7} - E:\LaunchU3.exe -a
HKU\S-1-5-21-903929088-2894619512-514016229-1000\...\MountPoints2: {6e36d8ed-3c83-11e1-a9d8-b8ac6f5cd4e7} - "E:\WD SmartWare.exe" autoplay=true
ProxyEnable: [S-1-5-21-903929088-2894619512-514016229-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-903929088-2894619512-514016229-1000] => localhost:21320
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-903929088-2894619512-514016229-1000 -> {420AC160-6991-4D32-B3A2-87FDDA1BD499} URL =
SearchScopes: HKU\S-1-5-21-903929088-2894619512-514016229-1000 -> {A9A2CB49-FE1A-472B-B717-A5890A62BEAF} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.6.0_18\bin\jp2ssv.dll => No File
C:\Users\Jill Davis\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\ProgramData\TEMP:16CF9527 [276]
AlternateDataStreams: C:\ProgramData\TEMP:4FD750D6 [284]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\TEMP:84098FD3 [116]

Hosts:
EmptyTemp:
RemoveProxy:
CMD: ipconfig /flushdns
*****************

"HKU\S-1-5-21-903929088-2894619512-514016229-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{691027b4-6fe0-11df-a3cc-b8ac6f5cd4e7}" => key removed successfully
HKCR\CLSID\{691027b4-6fe0-11df-a3cc-b8ac6f5cd4e7} => key not found.
"HKU\S-1-5-21-903929088-2894619512-514016229-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e36d8ed-3c83-11e1-a9d8-b8ac6f5cd4e7}" => key removed successfully
HKCR\CLSID\{6e36d8ed-3c83-11e1-a9d8-b8ac6f5cd4e7} => key not found.
HKU\S-1-5-21-903929088-2894619512-514016229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-903929088-2894619512-514016229-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-903929088-2894619512-514016229-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{420AC160-6991-4D32-B3A2-87FDDA1BD499}" => key removed successfully
HKCR\CLSID\{420AC160-6991-4D32-B3A2-87FDDA1BD499} => key not found.
"HKU\S-1-5-21-903929088-2894619512-514016229-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9A2CB49-FE1A-472B-B717-A5890A62BEAF}" => key removed successfully
HKCR\CLSID\{A9A2CB49-FE1A-472B-B717-A5890A62BEAF} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
C:\Users\Jill Davis\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\ProgramData\TEMP => ":16CF9527" ADS removed successfully.
C:\ProgramData\TEMP => ":4FD750D6" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":84098FD3" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-903929088-2894619512-514016229-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-903929088-2894619512-514016229-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 428.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:32:05 ====
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Thu Mar 10, 2016 4:12 am    Post subject: Reply with quote

Ok, it said that no problems were found.

So that's the good news and the bad news, right?
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Mar 10, 2016 6:37 am    Post subject: Reply with quote

Quote:
Ok, it said that no problems were found.

So that's the good news and the bad news, right?

The problems you're still experiencing are not coming from malware, as your latest logs appear to be clean
As this is a dedicated Malware Removal site, (we specialises solely in the removal of Malware). I'm afraid i will have to direct you to experts elsewhere.
Here are some excellent "General Computer Help" forums, where they have people trained to deal with non-Malware related issues.

Please don't think that I'm abandoning you, I'm just directing you towards sources of help which I feel are more likely to resolve your problems.
If anyone asks if you've been checked for malware, please feel free to refer them to this topic.

Lets tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools

  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Thu Mar 10, 2016 8:59 am    Post subject: Reply with quote

Quote:
Please don't think that I'm abandoning you....


Oh no, not at all. I understand.

delfix did not remove anything. Hhmm, maybe I need a restart....
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Mar 10, 2016 9:17 am    Post subject: Reply with quote

Brynn wrote:


delfix did not remove anything. Hhmm, maybe I need a restart....

If any of the tools or logs we used are still on your computer just delete them Wink
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Brynn
Junior Member


Joined: 16 Apr 2008
Last Visit: 27 Jun 2016
Posts: 13

PostPosted: Thu Mar 10, 2016 9:19 am    Post subject: Reply with quote

Ok, it removed about half the stuff. And I can take care of the rest.

Thank you very much for checking out my system. And thanks for the referrals!

You can close the topic Very Happy
Back to top
View user's profile Send private message
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 13 Oct 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Mar 10, 2016 10:37 am    Post subject: Reply with quote

Brynn wrote:


Thank you very much for checking out my system. And thanks for the referrals!

You can close the topic Very Happy

You're most welcome, good luck solving the problem with your mouse.
Quote:
As your Malware issues appear to be resolved, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group