Check my system please

04-18-2017, 09:44 AM   #1
I helped the forums.
Join Date: May 2010
Location: Georgia USA
Posts: 50
OS: Windows 7 Pro

Could someone please check my system??
I do not have a specific problem other than it is running slow and the hard drive hammers almost all of the time. Every once in a while I get a screen popup from Google wanting me to prove I am not a robot. It says my PC is generating a lot of traffic. AV scans turn up negative.
Thanks,
Julian

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18639 BrowserJavaVersion: 11.121.2
Run by JG at 12:31:52 on 2017-04-18
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3957.2817 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\AMT\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Intel\AMT\atchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ContourCameraFinder] "C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe"
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACROBA~1.LNK - C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop (1).ini
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{9F009CC5-0A6E-40CF-B394-4B78E2459293} : DHCPNameServer = 192.168.254.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [atchk] "C:\Program Files (x86)\Intel\AMT\atchk.exe"
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JG\AppData\Roaming\Mozilla\Firefox\Profiles\audmwbwx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-2-16 43112]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files (x86)\Intel\AMT\UNS.exe [2014-6-21 2519040]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2014-6-21 70168]
R3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [2013-7-11 41192]
R3 WNDA3100v3;NETGEAR WNDA3100v3 USB Wireless LAN Card Driver;C:\Windows\System32\drivers\WNDA3100v3.sys [2014-10-8 2225808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-3-20 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-3-20 125064]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-4-12 114688]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 135928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-21 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-9-5 31800]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;C:\Windows\System32\drivers\RTL2832U_IRHID.sys [2009-10-5 44320]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;C:\Windows\System32\drivers\RTL2832UBDA.sys [2010-6-11 224288]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;C:\Windows\System32\drivers\RTL2832UUSB.sys [2010-6-11 38944]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-21 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-21 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2016-3-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-21 1255736]
.
=============== Created Last 30 ================
.
2017-04-18 12:18:11 12774864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8B1E59E-6A89-426E-B3D1-598C566DC724}\mpengine.dll
2017-04-18 12:17:09 12774864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-04-05 20:03:57 -------- d-----w- C:\Users\JG\AppData\Roaming\Unitrunker
2017-04-05 20:03:57 -------- d-----w- C:\Program Files (x86)\Unitrunker
2017-04-05 00:38:18 232016 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2017-04-04 13:10:59 90112 ----a-w- C:\Windows\SysWow64\pintlgnt.ime
2017-04-03 15:57:35 142336 ----a-w- C:\Windows\System32\poqexec.exe
2017-04-03 15:57:35 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2017-04-03 15:07:19 90624 ----a-w- C:\Windows\SysWow64\olepro32.dll
2017-03-23 12:41:22 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FBE345A-BEC9-49EC-BE4B-2BEE1451FD6A}\gapaengine.dll
2017-03-20 04:48:06 28352 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2017-03-20 04:48:06 19112 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2017-03-20 04:48:06 19112 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2017-03-20 04:48:06 19112 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2017-03-20 04:41:38 30400 ----a-w- C:\Windows\System32\aspnet_counters.dll
2017-03-20 04:41:38 19112 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2017-03-20 04:41:38 19112 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2017-03-20 04:41:38 19112 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
.
==================== Find3M ====================
.
2017-04-07 2258 532136 ------w- C:\Windows\System32\MpSigStub.exe
2017-03-25 19:07:13 4604416 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-03-25 18:55:14 2767360 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-03-25 18:48:24 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-03-25 18:47:47 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-03-25 18:47:21 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-03-25 18:46:31 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-03-25 18:46:28 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-03-25 18:45:33 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-03-25 18:45:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-03-25 18:45:03 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-03-25 18:44:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-03-25 18:35:43 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-03-25 18:35:29 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-03-25 18:16:09 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-03-25 18:14:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-03-25 18:14:34 417792 ----a-w- C:\Windows\System32\html.iec
2017-03-25 18:13:58 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-03-25 18:13:43 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-03-25 17:56:51 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-03-25 17:56:50 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-03-25 17:56:17 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-03-25 17:45:17 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-03-25 17:41:08 6045696 ----a-w- C:\Windows\System32\jscript9.dll
2017-03-25 17:30:52 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-03-25 17:19:30 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-03-25 16:57:57 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-03-25 16:57:30 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-03-25 16:27:02 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-03-25 16:24:24 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-03-24 22:50:50 405504 ----a-w- C:\Windows\System32\gdi32.dll
2017-03-24 22:42:06 313344 ----a-w- C:\Windows\SysWow64\gdi32.dll
2017-03-22 15:32:05 98816 ----a-w- C:\Windows\System32\wudriver.dll
2017-03-22 15:32:05 3165184 ----a-w- C:\Windows\System32\wucltux.dll
2017-03-22 15:32:05 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2017-03-22 15:30:15 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2017-03-22 15:24:42 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2017-03-22 15:15:15 37888 ----a-w- C:\Windows\System32\wuapp.exe
2017-03-22 15:15:08 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2017-03-22 15:05:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2017-03-22 15:05:35 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2017-03-21 01:52:34 802904 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2017-03-21 01:52:34 144472 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-03-14 15:34:31 986344 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2017-03-14 15:34:30 265448 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2017-03-14 15:30:37 144384 ----a-w- C:\Windows\System32\cdd.dll
2017-03-10 16:35:56 382696 ----a-w- C:\Windows\System32\atmfd.dll
2017-03-10 16:31:58 41472 ----a-w- C:\Windows\System32\lpk.dll
2017-03-10 16:31:56 100864 ----a-w- C:\Windows\System32\fontsub.dll
2017-03-10 16:31:55 14336 ----a-w- C:\Windows\System32\dciman32.dll
2017-03-10 16:31:53 46080 ----a-w- C:\Windows\System32\atmlib.dll
2017-03-10 16:27:18 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2017-03-10 16:20:40 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2017-03-10 16:19:45 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2017-03-10 16:19:38 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2017-03-10 16:00:56 3219968 ----a-w- C:\Windows\System32\win32k.sys
2017-03-10 15:53:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2017-03-08 20:20:26 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2017-03-08 20:10:53 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2017-03-08 04:37:51 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-03-08 04:36:43 706792 ----a-w- C:\Windows\System32\winload.efi
2017-03-08 04:36:43 5548264 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-03-08 04:36:41 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-03-08 04:36:41 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-03-08 04:34:53 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-03-08 04:26:43 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-03-08 04:26:43 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-03-08 04:24:21 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-03-08 04:21:58 342528 ----a-w- C:\Windows\SysWow64\certcli.dll
2017-03-08 04:03:58 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-03-08 04:03:54 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-03-08 04:03:53 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-03-08 04:03:13 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-03-08 04:00:11 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-03-08 03:59:18 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-03-08 03:57:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-03-08 03:56:37 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-03-08 03:56:03 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-03-08 03:56:01 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-03-08 03:55:18 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-03-08 03:55:15 112640 ----a-w- C:\Windows\System32\smss.exe
2017-03-08 03:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2017-03-08 03:54:20 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2017-03-08 03:54:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2017-03-08 03:54:20 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2017-03-08 03:53:34 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-03-08 03:53:27 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-03-08 03:53:27 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-08 03:53:27 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-08 03:53:27 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2017-03-07 16:30:47 85504 ----a-w- C:\Windows\System32\asycfilt.dll
2017-03-07 16:17:40 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2017-03-07 14:05:55 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2017-03-04 01:27:12 1574912 ----a-w- C:\Windows\System32\quartz.dll
2017-03-04 01:27:05 93696 ----a-w- C:\Windows\System32\mfmjpegdec.dll
2017-03-04 01:14:51 1329664 ----a-w- C:\Windows\SysWow64\quartz.dll
2017-03-04 01:14:31 77312 ----a-w- C:\Windows\SysWow64\mfmjpegdec.dll
2017-02-14 16:33:00 757248 ----a-w- C:\Windows\System32\win32spl.dll
2017-02-14 16:19:08 497664 ----a-w- C:\Windows\SysWow64\win32spl.dll
2017-02-11 16:33:21 2048 ----a-w- C:\Windows\System32\tzres.dll
.
============= FINISH: 12:32:48.14 ===============
Attached Files
File Type: txt attach.txt (4.0 KB, 13 views)
redc5 is offline  
04-21-2017, 03:07 PM   #2

bump please
redc5 is offline  
04-22-2017, 08:01 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10


Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
04-22-2017, 08:58 PM   #4

# AdwCleaner v6.045 - Logfile created 22/04/2017 at 23:37:04
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-22.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : JG - DELLOPTIPLEX755
# Running from : C:\Users\JG\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\JG\AppData\Local\YSearchUtil
[-] Folder deleted: C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
[#] Folder deleted on reboot: C:\ProgramData\Application Data\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

[-] File deleted: C:\user.js
[-] File deleted: C:\Users\JG\AppData\Roaming\Mozilla\Firefox\Profiles\audmwbwx.default\extensions\[email protected]


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1248 Bytes] - [22/04/2017 23:37:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [1544 Bytes] - [22/04/2017 23:36:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1394 Bytes] ##########



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017
Ran by JG (administrator) on DELLOPTIPLEX755 (22-04-2017 23:52:08)
Running from C:\Users\JG\Desktop
Loaded Profiles: JG (Available Profiles: DELL OPTIPLEX 755 & JG)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1282048 2007-08-01] (Analog Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1308725578-186302075-770179777-1003\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-08-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1308725578-186302075-770179777-1003\...\Run: [ContourCameraFinder] => C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe [247448 2014-09-18] ()
HKU\S-1-5-21-1308725578-186302075-770179777-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\PhotoScreenSaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2014-07-13]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-07-13]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop (1).ini [2009-09-18] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v3 Genie.lnk [2015-07-04]
ShortcutTarget: NETGEAR WNDA3100v3 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2014-07-13]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-07-13]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop (1).ini [2009-09-18] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v3 Genie.lnk [2015-07-04]
ShortcutTarget: NETGEAR WNDA3100v3 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE (NETGEAR)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{9F009CC5-0A6E-40CF-B394-4B78E2459293}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKU\S-1-5-21-1308725578-186302075-770179777-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-1308725578-186302075-770179777-1003 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://www.google.com
SearchScopes: HKU\S-1-5-21-1308725578-186302075-770179777-1003 -> {219127C5-A1D6-4D2D-943C-2B1F4248DEA7} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1308725578-186302075-770179777-1003 -> {66872A1B-6C5C-47DC-8F4F-18FEFD28BCD4} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-1308725578-186302075-770179777-1003 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://www.google.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\JG\AppData\Roaming\Mozilla\Firefox\Profiles\audmwbwx.default [2017-04-22]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\audmwbwx.default -> Bing
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\audmwbwx.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\audmwbwx.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\audmwbwx.default -> hxxp://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\audmwbwx.default -> type", 0
FF Extension: (Adblock Plus) - C:\Users\JG\AppData\Roaming\Mozilla\Firefox\Profiles\audmwbwx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\JG\AppData\Roaming\Mozilla\Firefox\Profiles\audmwbwx.default\features\{24e49275-7ea7-474d-a405-510b05a4c797}\[email protected] [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\JG\AppData\Roaming\Mozilla\Firefox\Profiles\audmwbwx.default\features\{24e49275-7ea7-474d-a405-510b05a4c797}\[email protected] [2017-04-18]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-29] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43112 2012-02-16] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-27] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2015-02-24] (Windows (R) Win 7 DDK provider)
R3 WNDA3100v3; C:\Windows\System32\DRIVERS\WNDA3100v3.sys [2225808 2014-12-08] (MediaTek Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 23:45 - 2017-04-22 23:53 - 00013194 _____ C:\Users\JG\Desktop\FRST.txt
2017-04-22 23:44 - 2017-04-22 23:45 - 00000000 ____D C:\FRST
2017-04-22 23:43 - 2017-04-22 23:43 - 02425344 _____ (Farbar) C:\Users\JG\Desktop\FRST64.exe
2017-04-22 23:39 - 2017-04-22 23:39 - 00001473 _____ C:\Users\JG\Desktop\AdwCleaner[C0].txt
2017-04-22 23:35 - 2017-04-22 23:37 - 00000000 ____D C:\AdwCleaner
2017-04-22 23:34 - 2017-04-22 23:34 - 04089296 _____ C:\Users\JG\Desktop\AdwCleaner.exe
2017-04-21 12:13 - 2017-04-21 17:20 - 00014336 _____ C:\Users\JG\Documents\HAM Log.xls
2017-04-18 12:32 - 2017-04-18 12:32 - 00018855 _____ C:\Users\JG\Desktop\dds.txt
2017-04-18 12:32 - 2017-04-18 12:32 - 00004075 _____ C:\Users\JG\Desktop\attach.txt
2017-04-18 08:40 - 2017-04-18 08:40 - 00688992 ____R (Swearware) C:\Users\JG\Desktop\dds.scr
2017-04-17 13:34 - 2017-04-17 13:39 - 00000000 ____D C:\Users\JG\Desktop\scope
2017-04-12 10:54 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 10:54 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 10:54 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 10:53 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 10:53 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 10:53 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 10:53 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 10:53 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 10:53 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 10:53 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 10:53 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 10:53 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 10:53 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 10:53 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 10:53 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 10:53 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 10:53 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 10:53 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 10:53 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 10:53 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 10:53 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 10:53 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 10:53 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 10:53 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 10:53 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 10:53 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 10:53 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 10:53 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 10:53 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 10:53 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 10:53 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 10:53 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 10:53 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 10:53 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 10:53 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 10:53 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 10:53 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 10:53 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 10:53 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 10:53 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 10:53 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 10:53 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 10:53 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 10:53 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 10:53 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 10:53 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 10:53 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 10:53 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 10:53 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 10:53 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 10:53 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 10:53 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 10:53 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 10:53 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 10:53 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 10:53 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 10:53 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 10:53 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 10:53 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 10:53 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 10:53 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 10:53 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 10:53 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 10:53 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 10:53 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 10:53 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 10:53 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 10:53 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 10:53 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 10:53 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 10:53 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 10:53 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 10:53 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 10:53 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 10:53 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 10:53 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 10:53 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 10:53 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 10:53 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 10:53 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 10:53 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 10:53 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 10:53 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 10:53 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 10:53 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 10:53 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 10:53 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 10:53 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 10:53 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 10:53 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 10:53 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 10:53 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 10:53 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 10:53 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 10:53 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 10:53 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 10:53 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 10:53 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 10:53 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 10:53 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 10:53 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 10:53 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 10:53 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 10:53 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 10:53 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 10:53 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 10:53 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 10:53 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 10:53 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 10:53 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 10:53 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 10:53 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 10:53 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 10:53 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 10:53 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 10:53 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 10:53 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 10:53 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 10:53 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 10:53 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 10:53 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 10:53 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 10:53 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 10:53 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 10:53 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 10:53 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 10:53 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 10:53 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 10:53 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 10:53 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 10:53 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 10:53 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 10:53 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 10:53 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 10:53 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 10:53 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 10:53 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 10:53 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 10:53 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 10:53 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 10:53 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 10:53 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 10:53 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 10:53 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-09 10:55 - 2017-04-09 10:55 - 00000000 ____D C:\Users\JG\Downloads\11G_Win7
2017-04-09 10:54 - 2017-04-09 10:55 - 18385498 _____ C:\Users\JG\Downloads\11G_Win7.zip
2017-04-08 12:28 - 2017-04-08 12:28 - 00000000 ____D C:\Users\JG\Downloads\rufus_files
2017-04-08 12:26 - 2017-04-08 12:26 - 00951416 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\JG\Downloads\rufus-2.13.exe
2017-04-05 16:03 - 2017-04-20 11:53 - 00000000 ____D C:\Users\JG\AppData\Roaming\Unitrunker
2017-04-05 16:03 - 2017-04-05 16:03 - 03252224 _____ C:\Users\JG\Downloads\UniTrunker-1.0.32.7.msi
2017-04-05 16:03 - 2017-04-05 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unitrunker
2017-04-05 16:03 - 2017-04-05 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unitrunker
2017-04-05 16:03 - 2017-04-05 16:03 - 00000000 ____D C:\Program Files (x86)\Unitrunker
2017-04-04 09:11 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-04-04 09:11 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-04-04 09:11 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-04-04 09:11 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-04-04 09:11 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-04-04 09:11 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-04-04 09:11 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-04-04 09:11 - 2016-11-20 10:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-04-04 09:11 - 2016-11-17 12:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-04-04 09:11 - 2016-11-10 12:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-04-04 09:11 - 2016-11-10 12:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-04-04 09:11 - 2016-11-09 12:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-04-04 09:11 - 2016-11-09 12:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-04-04 09:11 - 2016-11-09 12:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-04-04 09:11 - 2016-11-09 12:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-04-04 09:11 - 2016-11-09 12:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-04-04 09:11 - 2016-11-09 12:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-04-04 09:11 - 2016-10-11 11:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-04-04 09:11 - 2016-10-11 11:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-04-04 09:11 - 2016-10-11 11:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-04-04 09:11 - 2016-10-11 11:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-04-04 09:11 - 2016-10-11 09:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-04-04 09:11 - 2016-10-11 09:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-04-04 09:11 - 2016-10-11 09:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-04-04 09:11 - 2016-10-11 09:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-04-04 09:11 - 2016-10-08 09:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-04-04 09:11 - 2016-10-07 11:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-04-04 09:11 - 2016-10-07 11:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-04-04 09:11 - 2016-10-07 11:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-04-04 09:11 - 2016-10-07 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-04-04 09:11 - 2016-10-04 11:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-04-04 09:11 - 2016-10-04 11:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-04-04 09:11 - 2016-10-04 11:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-04-04 09:11 - 2016-10-04 11:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-04-04 09:11 - 2016-10-04 11:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-04-04 09:11 - 2016-10-04 11:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-04-04 09:11 - 2016-10-04 11:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-04-04 09:11 - 2016-10-04 11:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-04-04 09:11 - 2016-09-15 10:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-04-04 09:11 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-04-04 09:11 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-04-04 09:11 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-04-04 09:11 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-04-04 09:11 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-04-04 09:11 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-04-04 09:11 - 2016-08-22 12:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-04-04 09:11 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-04-04 09:11 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-04-04 09:11 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-04-04 09:11 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-04-04 09:11 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-04-04 09:11 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-04-04 09:11 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-04-04 09:11 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-04-04 09:11 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-04-04 09:11 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-04-04 09:11 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-04-04 09:11 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-04-04 09:11 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-04-04 09:11 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-04-04 09:11 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-04-04 09:11 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-04-04 09:11 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-04-04 09:11 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-04-04 09:11 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-04-04 09:10 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-04-04 09:10 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-04-04 09:10 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-04-04 09:10 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-04-04 09:10 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-04-04 09:10 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-04-04 09:10 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-04-04 09:10 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-04-04 09:10 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-04-04 09:10 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-04-04 09:10 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-04-04 09:10 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-04-04 09:10 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-04-04 09:10 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-04-04 09:10 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-04-04 09:10 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-04-04 09:10 - 2016-11-21 14:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-04-04 09:10 - 2016-11-20 12:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-04-04 09:10 - 2016-11-09 12:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-04-04 09:10 - 2016-11-09 12:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-04-04 09:10 - 2016-11-09 12:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-04-04 09:10 - 2016-11-09 12:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-04-04 09:10 - 2016-11-09 12:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-04-04 09:10 - 2016-11-09 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-04-04 09:10 - 2016-10-11 11:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-04-04 09:10 - 2016-10-11 11:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-04-04 09:10 - 2016-10-11 11:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-04-04 09:10 - 2016-10-11 11:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-04-04 09:10 - 2016-10-11 11:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-04-04 09:10 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-04-04 09:10 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-04-04 09:10 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-04-04 09:10 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-04-04 09:10 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-04-04 09:10 - 2016-10-11 11:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-04-04 09:10 - 2016-10-11 11:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-04-04 09:10 - 2016-10-11 11:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-04-04 09:10 - 2016-10-11 11:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-04-04 09:10 - 2016-10-11 11:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-04-04 09:10 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-04-04 09:10 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-04-04 09:10 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-04-04 09:10 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-04-04 09:10 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-04-04 09:10 - 2016-10-11 11:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-04-04 09:10 - 2016-10-11 11:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-04-04 09:10 - 2016-10-11 10:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-04-04 09:10 - 2016-10-05 10:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-04-04 09:10 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-04-04 09:10 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-04-04 09:10 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-04-04 09:10 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-04-04 09:10 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-04-04 09:10 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-04-04 09:10 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-04-04 09:10 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-04-04 09:10 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-04-04 09:10 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-04-04 09:10 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-04-04 09:10 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-04-04 09:10 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-04-04 09:10 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-04-04 09:10 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-04-04 09:10 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-04-04 09:10 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-04-04 09:10 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-04-04 09:10 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-04-04 09:10 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-04-04 09:10 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-04-04 09:10 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-04-04 09:10 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-04-04 09:10 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-04-04 09:10 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-04-04 09:10 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-04-04 09:10 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-04-04 09:10 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-04-04 09:10 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-04-04 09:10 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-04-04 09:10 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-04-04 09:10 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-04-04 09:10 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-04-04 09:10 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-04-04 09:10 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-04-04 09:10 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-04-03 11:57 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-04-03 11:57 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-04-03 11:07 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-04-02 15:22 - 2017-04-02 15:56 - 1554186240 _____ C:\Users\JG\Downloads\ubuntu-16.04.2-desktop-amd64.iso
2017-04-02 10:27 - 2017-04-02 10:27 - 00007600 _____ C:\Users\JG\AppData\Local\Resmon.ResmonCfg
2017-03-28 12:28 - 2017-03-28 12:30 - 69063160 _____ (iSeePassword ) C:\Users\JG\Downloads\windows-password-recovery-pro-trial.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 23:46 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-22 23:46 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-22 23:44 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-22 23:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-22 23:40 - 2016-11-17 09:34 - 00000000 ____D C:\Users\JG\AppData\LocalLow\Mozilla
2017-04-22 23:38 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-22 19:10 - 2015-11-16 09:10 - 00000000 ____D C:\Users\JG\Downloads\REV 6 board
2017-04-20 11:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-20 11:39 - 2016-11-16 10:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-19 10:59 - 2014-08-26 21:51 - 00000000 ____D C:\Users\JG\AppData\Local\Adobe
2017-04-19 10:59 - 2014-07-13 13:34 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-19 10:59 - 2014-07-13 13:34 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-19 10:59 - 2014-07-13 13:34 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-19 10:59 - 2014-07-13 13:34 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-18 14:22 - 2014-07-13 18:50 - 00000000 ____D C:\Users\JG\AppData\Roaming\vlc
2017-04-14 07:53 - 2009-07-14 01:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-13 08:43 - 2009-07-14 00:45 - 00360976 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 22:02 - 2014-06-21 00:51 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 21:59 - 2014-06-21 00:51 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 21:57 - 2014-06-21 00:39 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 11:00 - 2016-12-27 20:04 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-12 10:58 - 2016-12-27 20:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-12 10:58 - 2016-12-27 20:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-10 19:13 - 2016-05-10 18:54 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1ab0ef9047a17
2017-04-10 19:13 - 2016-05-10 18:54 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1ab0ef86885ee
2017-04-10 10:46 - 2009-09-21 11:35 - 00000000 ____D C:\Users\JG\Documents\PDF's
2017-04-08 14:54 - 2015-02-19 12:08 - 00000540 __RSH C:\ProgramData\ntuser.pol
2017-04-08 14:54 - 2015-02-19 12:08 - 00000540 __RSH C:\ProgramData\ntuser.pol
2017-04-08 12:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-04-07 18:06 - 2010-11-20 23:27 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-04-05 08:35 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-04-05 08:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-04-05 08:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2017-04-04 15:52 - 2009-09-21 11:32 - 00000000 ____D C:\Users\JG\Documents\My Docs
2017-04-03 11:36 - 2014-06-21 01:42 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-04-03 11:36 - 2014-06-21 01:42 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-04-03 11:36 - 2014-06-21 01:42 - 00001945 _____ C:\Windows\epplauncher.mif
2017-04-03 11:36 - 2014-06-21 01:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-04-03 11:35 - 2014-06-21 01:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-03-30 15:44 - 2015-06-21 09:22 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-29 20:06 - 2014-07-12 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-07-14 18:28 - 2014-07-14 18:28 - 1647944 _____ () C:\Users\JG\AppData\Roaming\UserTile.png
2014-09-02 07:56 - 2015-05-04 08:22 - 0147536 _____ () C:\Users\JG\AppData\Local\ars.cache
2014-09-02 07:56 - 2015-05-04 08:22 - 0294997 _____ () C:\Users\JG\AppData\Local\census.cache
2014-09-02 07:37 - 2014-09-02 07:37 - 0000036 _____ () C:\Users\JG\AppData\Local\housecall.guid.cache
2017-04-02 10:27 - 2017-04-02 10:27 - 0007600 _____ () C:\Users\JG\AppData\Local\Resmon.ResmonCfg
2014-09-02 07:51 - 2015-05-04 08:10 - 0000010 _____ () C:\Users\JG\AppData\Local\sponge.last.runtime.cache
2014-07-13 09:48 - 2015-03-19 07:44 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-07-13 09:47 - 2016-05-02 09:27 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-07-13 09:47 - 2015-09-04 17:53 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-07-13 09:47 - 2014-07-13 09:47 - 0000268 ___RH () C:\ProgramData\Space Choir
2014-07-13 09:48 - 2014-07-13 09:48 - 0000268 ___RH () C:\ProgramData\Spacious
2014-07-13 09:47 - 2014-07-13 09:47 - 0000268 ___RH () C:\ProgramData\Specifications
2014-07-13 09:47 - 2014-07-13 09:47 - 0000012 ___RH () C:\ProgramData\Strings
2014-07-13 09:48 - 2014-07-13 09:48 - 0000012 ___RH () C:\ProgramData\SupportPrinters
2014-07-13 09:47 - 2014-07-13 09:47 - 0000012 ___RH () C:\ProgramData\Sync Services

Some files in TEMP:
====================
2014-07-12 20:22 - 2014-07-12 20:30 - 50067152 _____ (Microsoft Corporation) C:\Users\DELL OPTIPLEX 755\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
2014-07-18 11:21 - 2011-02-26 00:32 - 0161704 ____R (Autodesk, Inc.) C:\Users\JG\AppData\Local\Temp\AcDeltree.exe
2014-07-11 17:12 - 2014-07-11 17:12 - 0918952 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2014-07-28 01:15 - 2014-07-28 01:15 - 0918440 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2014-09-29 13:06 - 2014-09-29 13:06 - 0937896 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
2016-07-25 08:06 - 2016-07-25 08:06 - 0741440 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-11-09 09:50 - 2016-11-09 09:50 - 0737856 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-27 10:42 - 2017-01-27 10:42 - 0739904 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-8u121-windows-au.exe
2014-12-18 13:29 - 2014-12-18 13:29 - 0641448 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-8u31-windows-au.exe
2016-01-25 09:36 - 2016-01-25 09:36 - 0644704 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-10 09:42 - 2016-02-10 09:42 - 0736352 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-27 18:27 - 2016-03-27 18:27 - 0736320 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-01 08:32 - 2016-05-01 08:32 - 0739904 _____ (Oracle Corporation) C:\Users\JG\AppData\Local\Temp\jre-8u91-windows-au.exe
2014-10-05 09:20 - 2011-05-11 20:50 - 0053248 _____ (BeyondLogic) C:\Users\JG\AppData\Local\Temp\Process.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 11:57

==================== End of FRST.txt ============================
Old 04-22-2017, 08:59 PM   #5
I helped the forums.
 
Join Date: May 2010
Location: Georgia USA
Posts: 50
OS: Windows 7 Pro



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2017
Ran by JG (22-04-2017 23:54:26)
Running from C:\Users\JG\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-06-21 03:23:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1308725578-186302075-770179777-500 - Administrator - Disabled)
DELL OPTIPLEX 755 (S-1-5-21-1308725578-186302075-770179777-1001 - Administrator - Enabled) => C:\Users\DELL OPTIPLEX 755
Guest (S-1-5-21-1308725578-186302075-770179777-501 - Limited - Disabled)
JG (S-1-5-21-1308725578-186302075-770179777-1003 - Administrator - Enabled) => C:\Users\JG

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 6.0 Professional (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{8A7D0970-C0A4-4B56-94D4-E3A175AB45BB}) (Version: 6.0.0.94 - ArcSoft)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contour Storyteller (HKLM-x32\...\Contour Storyteller 3.6.2) (Version: 3.6.2 - Contour)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
File Download ActiveX (HKLM-x32\...\File Download ActiveX) (Version: 1.0 - smart-activex.com)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
KG-UV Commander (HKLM-x32\...\KG-UV Commander_is1) (Version: - Jim Mitchell)
LightScribe System Software 1.14.25.1 (HKLM-x32\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MicroStar (HKLM-x32\...\{2961A554-E5C3-4E6B-8AD6-6BF2988C18AB}) (Version: 1.0.0.0 - GAA Custom Electronics)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
NETGEAR WNDA3100v3 (x32 Version: 1.0.0.10 - NETGEAR) Hidden
NETGEAR WNDA3100v3 (x32 Version: 1.0.0.8 - NETGEAR) Hidden
NETGEAR WNDA3100v3 Genie (HKLM-x32\...\InstallShield_{60C50FCC-545B-4D5D-B0D1-4A773143BCE7}) (Version: 1.0.0.10 - NETGEAR)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.9.0 - Nikon)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.3.0.43 - Symantec Corporation)
PhoenixRC (HKLM-x32\...\{545DF825-0A9A-499F-B9A8-2A1A355ED7FC}) (Version: 4.0.10 - Runtime Games Ltd)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.9.0 - Prolific Technology INC)
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
Unitrunker (HKLM-x32\...\{516B58F3-E46C-4FC9-AF3E-6CC0354A976A}) (Version: 15.08.04 - Unitrunker.com)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.9.0 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010EC67F-196F-4B66-8FF0-308C386B4AB5} - System32\Tasks\{84C89F8C-7E71-4D1F-A6EF-31ABB7E73C97} => C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe
Task: {05141A65-CA94-499B-A35C-D636CE618A38} - System32\Tasks\{11E6513E-F657-40C0-BC40-1B3301CC3E6F} => C:\Users\DELL OPTIPLEX 755\Desktop\Dell Optiplex Drivers\VIDEO.EXE
Task: {0CF16536-1FAD-41C5-B47C-7C411238ED8A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {11D689F4-970A-421C-B637-3A8E5438C871} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1B0F3FD2-FBFB-4694-AEDE-8F7D7CE61ECE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1E7636B5-0193-4E31-86EC-54FCF4EA63F9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3F60830E-1EC1-4D0D-A81C-F61D551B849C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4371B404-617F-480D-92CE-325FA7060DFF} - System32\Tasks\{78781270-F900-47EF-BFE4-D1A3971B8843} => C:\Users\DELL OPTIPLEX 755\Desktop\Dell Optiplex Drivers\VIDEO_DRVR_WIN_R205650.EXE
Task: {468A6C85-D647-4DAC-8F85-2AF3543F8262} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {523A3B69-F8DC-4955-BC15-E83DBBD874DE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5D42DA26-FA5F-453B-8AB1-378116CE9974} - System32\Tasks\{0286186E-62D0-4538-97F2-E665CF073103} => C:\Users\DELL OPTIPLEX 755\Desktop\Dell Optiplex Drivers\VIDEO_DRVR_WIN_R205650.EXE
Task: {5F366AB4-DB21-4B10-8830-DCB11629F982} - System32\Tasks\{68966304-8641-4F32-AE28-4F20D816EEBA} => C:\Users\DELL OPTIPLEX 755\Desktop\Dell Optiplex Drivers\VIDEO.EXE
Task: {61D19F01-682A-429D-9FF9-D5A76C12B8CE} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab0ef86885ee => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {652F7626-7918-4AA7-9D24-FA561DAB0614} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {67FCA9E8-6E22-4B95-AAB1-02C5559121BF} - System32\Tasks\{B2D2F13D-EFEB-4655-9637-08F4DAA1A322} => C:\Users\DELL OPTIPLEX 755\Desktop\Dell Optiplex Drivers\VIDEO_DRVR_WIN_R205648.EXE
Task: {8B2031A1-A548-4FAA-A881-9B4F8735A7F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9675DE7B-1BD9-480E-9A4B-3BD2B7C159AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => %windir%\system32\srtasks.exe
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe
Task: {A72F7526-9DB2-46B3-A084-CA1DCFEE6C26} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {AAEFEAE1-6A1D-4DE0-B79E-8D83B9FAA128} - System32\Tasks\{AD91825C-2FFF-4F99-95C1-68568C3E3C33} => C:\Users\DELL OPTIPLEX 755\Desktop\Dell Optiplex Drivers\VIDEO_DRVR_WIN_R205648.EXE
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {BDDCC534-1C2D-474D-AB71-BDF7667FBD8A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-19] (Adobe Systems Incorporated)
Task: {C11204D4-0440-408D-9FEA-49452F3DC4BE} - System32\Tasks\GoogleUpdateTaskMachineUA1d1ab0ef9047a17 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DE198BE9-7EBE-4D4E-95AC-C789272789D4} - System32\Tasks\{A3694994-4CDB-451B-A688-DFEB5F29BEF6} => C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe
Task: {E733F290-66BA-460F-A6A5-1A42FDAD53F7} - System32\Tasks\Norton Security Scan for JG => C:\Program Files (x86)\Norton Security Scan\Engine\4.3.0.43\Nss.exe [2015-07-07] (Symantec Corporation)
Task: {EE059F5A-97B5-4BDA-A016-674AE852F9D0} - System32\Tasks\{77AF21D2-0B8D-4009-A6B1-BFE153F9E84C} => C:\Users\DELL OPTIPLEX 755\Desktop\Dell Optiplex Drivers\VIDEO.EXE
Task: {F1EB116F-291D-464F-AEFE-6F4769AEA74C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FB4B662A-D90E-4810-A631-E315A2659B08} - System32\Tasks\{45EB1DAD-1526-4F01-A9C3-64C8CA3E0E29} => C:\Users\DELL OPTIPLEX 755\Desktop\Dell Optiplex Drivers\VIDEO_DRVR_WIN_R205648.EXE

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for JG.job => C:\PROGRA~2\NORTON~2\Engine\430~1.43\Nss.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-05 09:21 - 2014-09-18 02:04 - 00247448 _____ () C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
2007-07-12 14:55 - 2007-07-12 14:55 - 01581056 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2007-08-14 14:59 - 2007-08-14 14:59 - 06365184 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2007-07-12 14:55 - 2007-07-12 14:55 - 00131072 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-12-22 10:03 - 2014-12-22 10:03 - 00122880 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\Ralink.dll
2012-11-21 18:26 - 2012-11-21 18:26 - 01204224 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v3\RaWLAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1308725578-186302075-770179777-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\JG\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{771B0CBE-7A65-4D76-AA8E-16F4E46C8B50}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0807FDF0-E069-4B6D-9405-74975324FC87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0D88D6E4-4B9B-45AF-A36E-36A385DCD126}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{87F59002-9737-4DDB-9DFF-75E51A50F2F6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{83ABE470-9C32-4C74-BBC2-DBF1E782FF66}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D4881982-ABFB-4799-82E1-211CF811FE81}] => (Allow) LPort=2869
FirewallRules: [{019D4E64-0831-4DBE-8F07-989AC08B2EA7}] => (Allow) LPort=1900
FirewallRules: [{AD52E21C-BDA6-45B3-9896-324E30A6F199}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04B5276F-6374-4D3F-AE54-EDF2816BBC01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4CCC18B8-32A6-43D1-8B84-E3555C6987DA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AC8E3ABB-AAFB-4C76-98D9-0AEAB91D1FD1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{1E05F08E-0DD3-4B95-869B-E13CECEE0FAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C472729F-0B93-46FA-88DA-3294EF9C7CF5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{05BE7196-5FA9-4E22-895A-BF447E40B5BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E0691D3-425C-41D3-A995-415BA424B1C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E2B2DED-43E4-44C5-A46D-3F45EE819803}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FD4E66C6-CA64-4589-B1B3-4ED450819A3C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B241005-B979-494A-8E36-3FE973D2C862}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D9482DF5-9054-4CA9-825E-2EDD3F8CB9F9}] => (Allow) E:\OnlineInstaller.exe
FirewallRules: [{8074FBEB-BCFD-45F3-82F2-A6A9F4A01B42}] => (Allow) E:\OnlineInstaller.exe

==================== Restore Points =========================

03-04-2017 22:40:13 Windows Update
04-04-2017 22:00:01 Windows Update
05-04-2017 16:03:30 Installed Unitrunker
09-04-2017 09:14:55 Windows Update
12-04-2017 10:50:18 Windows Update
12-04-2017 21:54:27 Windows Update
17-04-2017 07:31:40 Windows Update
20-04-2017 11:52:00 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2017 11:51:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 23.4.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c34

Start Time: 01d2bbe3e79904ee

Termination Time: 2

Application Path: C:\Users\JG\Desktop\FRST64.exe

Report Id: ade22c7d-27d7-11e7-9a18-001aa0e51659

Error: (04/22/2017 11:39:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/22/2017 10:34:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/21/2017 06:21:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/21/2017 06:14:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/21/2017 07:04:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/20/2017 05:27:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/20/2017 11:40:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/20/2017 07:05:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/19/2017 11:58:03 AM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver


System errors:
=============
Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Active Management Technology User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Active Management Technology System Status Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/22/2017 11:36:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 62%
Total physical RAM: 3956.61 MB
Available physical RAM: 1496.13 MB
Total Virtual: 7911.41 MB
Available Virtual: 5837.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:597.59 GB) NTFS
Drive e: (Data) (Fixed) (Total:465.76 GB) (Free:153.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 62409A83)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 3CAD3CAC)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
redc5 is offline  
Old 04-23-2017, 02:09 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Julian. Not seeing much here.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://pcsupport.about.com/od/window...-windows-7.htm

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
    Task: {468A6C85-D647-4DAC-8F85-2AF3543F8262} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
    Task: {652F7626-7918-4AA7-9D24-FA561DAB0614} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
    GroupPolicy: Restriction <======= ATTENTION
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-23-2017, 04:33 PM   #7
I helped the forums.
 
Join Date: May 2010
Location: Georgia USA
Posts: 50
OS: Widows 7 Pro



The FRST64 hung and reported "not responding", but it had already created the fixlog.txt file.

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-04-2017
Ran by JG (23-04-2017 19:25:51) Run:1
Running from C:\Users\JG\Desktop\New folder
Loaded Profiles: JG (Available Profiles: DELL OPTIPLEX 755 & JG)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {468A6C85-D647-4DAC-8F85-2AF3543F8262} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {652F7626-7918-4AA7-9D24-FA561DAB0614} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{468A6C85-D647-4DAC-8F85-2AF3543F8262} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{468A6C85-D647-4DAC-8F85-2AF3543F8262} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{652F7626-7918-4AA7-9D24-FA561DAB0614} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{652F7626-7918-4AA7-9D24-FA561DAB0614} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 76748721 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 225138046 B
Edge => 0 B
Chrome => 0 B
redc5 is offline  
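The Fixlog above records three TaskCache registry keys (Plain, Tasks and Tree) removed for each Task: line in the fixlist, and the poster notes that FRST64 hung after writing the log. As an added example (not part of the thread and not FRST's own code), this Python script cross-checks a saved Fixlog so that every Task: directive has all three removals logged; it assumes only the line formats visible in this thread, the sample log is constructed from them, and the second task with its all-zero GUID is hypothetical.

```python
import re

# Registry root under which the thread's Fixlog reports removed task keys.
TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"

# Fixlist directive, as in the thread:  Task: {GUID} - \task\path -> No File ...
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (\\.+?) -> ", re.M)
# Result line, as in the thread:  <registry key> => key removed successfully
REMOVED_RE = re.compile(r"^(HKLM\\.+?) => key removed successfully\s*$", re.M)


def expected_keys(guid, path):
    """The three keys this thread's Fixlog lists per task (assumption: tasks
    registered under other TaskCache subkeys are not covered here)."""
    return [
        TASKCACHE + "\\Plain\\" + guid,
        TASKCACHE + "\\Tasks\\" + guid,
        TASKCACHE + "\\Tree" + path,  # path already starts with a backslash
    ]


def audit_fixlog(text):
    """Map each Task: path to the expected keys NOT reported as removed."""
    # Registry key names are case-insensitive, so compare in lower case.
    removed = {key.lower() for key in REMOVED_RE.findall(text)}
    report = {}
    for guid, path in TASK_RE.findall(text):
        report[path] = [k for k in expected_keys(guid, path)
                        if k.lower() not in removed]
    return report


def incomplete_tasks(text):
    """Task paths for which at least one removal line is missing from the log."""
    return sorted(p for p, missing in audit_fixlog(text).items() if missing)


# Constructed sample: the first task mirrors lines from the thread; the second
# (all-zero GUID, \Example\ConstructedTask) is hypothetical and deliberately
# lacks its Tree removal line, as a log cut short by a hang might.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - \Example\ConstructedTask -> No File <==== ATTENTION
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00000000-0000-0000-0000-000000000001} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001} => key removed successfully
"""

if __name__ == "__main__":
    for task_path, missing in audit_fixlog(SAMPLE_FIXLOG).items():
        print(task_path, "-> all keys removed" if not missing else "-> NOT CONFIRMED:")
        for key in missing:
            print("    ", key)
```

A task listed by `incomplete_tasks` is a cue to re-run the scan and confirm the entry is gone, not proof that the removal failed.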
Old 04-23-2017, 06:47 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Julian. Any improvement in behavior?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Your Java is out of date.

Java(TM) 8 Update 121 can be updated from the Java Control Panel. Go Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it. Also, let Java remove older versions if prompted.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 04-24-2017, 11:22 AM   #9
I helped the forums.
 
Join Date: May 2010
Location: Georgia USA
Posts: 50
OS: Widows 7 Pro



I have JAVA disabled..
I can see performance is much improved!!!!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/24/2017
Scan Time: 10:12 AM
Logfile: mlbscanlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.04.24.03
Rootkit Database: v2017.04.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JG

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314430
Time Elapsed: 12 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


C:\Users\JG\AppData\Local\Temp\Process.exe Win32/PrcView potentially unsafe application
C:\Users\JG\AppData\Local\Temp\contour\Process.exe Win32/PrcView potentially unsafe application
C:\Users\JG\Downloads\cbsidlm-cbsi213-File_Download_ActiveX-ORG-75323210.exe a variant of Win32/CNETInstaller.B potentially unwanted application
E:\DELLOPTIPLEX755\Backup Set 2014-12-09 123920\Backup Files 2014-12-09 123920\Backup files 12.zip a variant of Win32/CNETInstaller.B potentially unwanted application
E:\DELLOPTIPLEX755\Backup Set 2015-04-19 190004\Backup Files 2015-04-19 190004\Backup files 18.zip a variant of Win32/CNETInstaller.B potentially unwanted application
E:\DELLOPTIPLEX755\Backup Set 2015-10-11 190004\Backup Files 2015-10-11 190004\Backup files 21.zip a variant of Win32/CNETInstaller.B potentially unwanted application
Autostart locations a variant of Win32/CNETInstaller.B potentially unwanted application
redc5 is offline  
Old 04-25-2017, 07:29 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Julian. Glad to hear it.

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Users\JG\Downloads\cbsidlm-cbsi213-File_Download_ActiveX-ORG-75323210.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
chemist is offline  
Old 04-26-2017, 05:45 AM   #11
I helped the forums.
 
Join Date: May 2010
Location: Georgia USA
Posts: 50
OS: Widows 7 Pro



https://www.virustotal.com/en/file/e...is/1493210621/
redc5 is offline  
Old 04-27-2017, 04:31 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Julian. PrcView is OK if you installed it.

Up to you whether to delete those backups.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /a/f/q "C:\Users\JG\Downloads\cbsidlm-cbsi213-File_Download_ActiveX-ORG-75323210.exe"

A DOS window will open and close again; this is normal.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.
  • Go to Computer > System properties > System protection > Configure.
  • Check 'Turn off system protection' > Apply > Yes > OK.
  • Now turn it back on > Configure
  • Check 'Restore system settings and previous versions of files'.
  • Click Apply > OK > OK.
This will flush out older possibly infected System Restore Points and create one fresh, clean System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

https://windows.microsoft.com/en-US/w...up-and-restore

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 04-27-2017, 10:38 AM   #13
I helped the forums.
 
Join Date: May 2010
Location: Georgia USA
Posts: 50
OS: Widows 7 Pro



Solved

Thank you for the help!!!
redc5 is offline  
Old 04-28-2017, 05:52 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome! Glad to have helped.
chemist is offline  
 
