Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Crazy ad sound in background!

This is a discussion on Crazy ad sound in background! within the Resolved HJT Threads forums, part of the Tech Support Forum category. I know it's malware cause I got a message saying "abc can't run script" and I hear TV ads in


 
 
Thread Tools Search this Thread
Old 01-06-2017, 04:55 PM   #1
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



I know it's malware cause I got a message saying "abc can't run script" and I hear TV ads in the background. I ran MS Malicious software tool, Malwarebytes, Hitman and Zemana. Is there an easier way to fix this without all the steps on your site?

There were Trojans and all kind of bad stuff.

Thank you.


BTW it hijacked my Firefox and stuff but I got that back. But it's sooooo slooooww. It also hj my administrative but I got that back.
lennonforever is offline  
Sponsored Links
Advertisement
 
Old 01-06-2017, 05:24 PM   #2
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by Denise at 20:00:49 on 2017-01-06
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.5080.1870 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\SysWOW64\tbaseprovisioning.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Lenovo\iMController\SystemAgentService.exe
C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
C:\WINDOWS\system32\CxAudMsg64.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\System32\LenovoWiFiHotspotSvr.exe
C:\windows\system32\mfevtps.exe
C:\WINDOWS\SysWoW64\SAsrv.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\dashost.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Elantech\ETDIntelligent.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Windows\System32\CastSrv.exe
C:\Windows\WebCam\S6000\S6000Mnt.exe
C:\Program Files (x86)\Skybox\iger.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Skybox\iger.exe
C:\Program Files (x86)\Skybox\iger.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Users\Denise\Downloads\Windows-KB890830-x64-V5.43.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = Google
uRun: [EPSON NX410 Series] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\WINDOWS\TEMP\E_SDC41.tmp" /EF "HKCU"
uRun: [OneDrive] "C:\Users\Denise\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [gurskygursky] "C:\Program Files (x86)\Skybox\iger.exe"
uRun: [ranarana] "C:\Program Files (x86)\Skybox\iger.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe" /R
mRun: [AnonymizerGadget] "C:\Users\Denise\AppData\Roaming\AGData\bin$\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source:1665 /subsource:200088737
mRun: [ackroydackroyd] "C:\Program Files (x86)\Skybox\iger.exe"
mRun: [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{2453eb96-6740-4fae-b2bc-54f7a760aa3e} : NameServer = 8.8.8.8
TCP: Interfaces\{686ae903-d51c-494b-b7ce-3e29374680b0} : NameServer = 8.8.8.8
TCP: Interfaces\{7ec61557-8dac-4a2b-8a6a-4663c912ac16} : NameServer = 8.8.8.8
TCP: Interfaces\{7ec61557-8dac-4a2b-8a6a-4663c912ac16} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{80f425d5-839c-4ed6-b586-9264a1da179a} : NameServer = 8.8.8.8
TCP: Interfaces\{80f425d5-839c-4ed6-b586-9264a1da179a} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{80f425d5-839c-4ed6-b586-9264a1da179a}\2656C6B696E6E2839353E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{80f425d5-839c-4ed6-b586-9264a1da179a}\86F6D65602E6564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d} : NameServer = 8.8.8.8
TCP: Interfaces\{ab887893-2645-4144-8dab-e949a5ee3b17} : NameServer = 8.8.8.8
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-Run: [ForteConfig] "C:\Program Files\Conexant\ForteConfig\fmapp.exe"
x64-Run: [cAudioFilterAgent] "C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
x64-Run: [SmartAudio] "C:\Program Files\CONEXANT\SAII\SACpl.exe" /t
x64-Run: [S6000Mnt] "C:\WINDOWS\WebCam\S6000\S6000Mnt.exe"
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [PhoneCompanion] C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe
x64-Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
x64-Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe
x64-Run: [StartCN] "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
x64-Run: [panellapanella] "C:\Program Files (x86)\Skybox\iger.exe"
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\WINDOWS\System32\drivers\amd_sata.sys [2015-4-8 81608]
R0 amd_xata;amd_xata;C:\WINDOWS\System32\drivers\amd_xata.sys [2015-4-8 23752]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2015-4-8 36608]
R0 amdpsp;AMD PSP Service;C:\WINDOWS\System32\drivers\amdpsp.sys [2015-6-23 277240]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-8 48992]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2017-1-5 250816]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2014-4-3 841944]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2014-4-3 244544]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 CLVirtualDrive;CLVirtualDrive;C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2015-4-8 91912]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R2 APXACC;AppEx Networks Accelerator LWF;C:\WINDOWS\System32\drivers\appexDrv.sys [2015-4-8 224992]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2013-9-24 35576]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\drivers\ETD.sys [2016-5-3 594008]
R3 MBAMProtection;MBAMProtection;C:\WINDOWS\System32\drivers\mbam.sys [2017-1-6 43968]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2016-1-5 415976]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2014-4-3 351120]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2014-4-3 497888]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2014-4-3 82072]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 amdkmcsp;AMD Kernel Mode CSP Service;C:\WINDOWS\System32\drivers\amdkmcsp.sys [2015-6-23 101104]
S3 amdkmdan;amdkmdan;C:\WINDOWS\System32\drivers\atikmnag.sys [2015-12-8 20266520]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2014-4-3 80760]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-01-07 00:16:18 -------- d-----w- C:\WINDOWS\System32\MpEngineStore
2017-01-06 16:44:46 11781064 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{77947B67-5E1A-4491-85D8-BB7262FE63AC}\mpengine.dll
2017-01-06 05:04:50 102856 ----a-w- C:\WINDOWS\System32\drivers\farflt.sys
2017-01-06 05:04:41 176064 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-01-06 05:04:34 43968 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-01-06 05:04:08 77416 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-01-06 04:34:23 203680 ----a-w- C:\WINDOWS\System32\drivers\zam64.sys
2017-01-06 04:34:20 203680 ----a-w- C:\WINDOWS\System32\drivers\zamguard64.sys
2017-01-06 04:34:19 -------- d-----w- C:\Users\Denise\AppData\Local\Zemana
2017-01-06 01:54:44 11781064 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-01-05 06:24:52 91584 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-01-05 06:24:35 250816 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-01-05 06:24:09 -------- d-----w- C:\ProgramData\Malwarebytes
2017-01-05 06:24:09 -------- d-----w- C:\Program Files\Malwarebytes
2017-01-05 05:27:58 -------- d-----w- C:\Users\Denise\AppData\Local\__SHARED
2017-01-05 05:27:57 -------- d-----w- C:\Users\Denise\AppData\Local\DIAL
2017-01-05 05:08:55 -------- d---a-w- C:\Program Files\HitmanPro
2017-01-05 05:08:39 -------- d-----w- C:\ProgramData\HitmanPro
2017-01-05 04:14:48 -------- d-----w- C:\ProgramData\ApphserftoH
2017-01-05 02:22:56 -------- d-----w- C:\Users\Denise\AppData\Local\ElevatedDiagnostics
2017-01-05 02:21:16 -------- d-----w- C:\ProgramData\COMODO
2017-01-05 02:20:27 -------- d-----w- C:\Microsoft
2017-01-05 02:20:15 -------- d-----w- C:\WINDOWS\System32\SSL
2017-01-05 02:18:58 187904 ----a-w- C:\WINDOWS\rsrcs.dll
2017-01-05 02:11:44 -------- d-----w- C:\ProgramData\My Web Shield
2017-01-05 02:10:24 -------- d-----w- C:\Users\Denise\AppData\Local\Programs
2017-01-05 02:09:47 -------- d--h--w- C:\Program Files (x86)\Skybox
2017-01-05 02:09:47 -------- d-----w- C:\Program Files (x86)\domes
2017-01-05 0211 825536 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2017-01-05 0208 510920 ---h--w- C:\Program Files (x86)\Mozilla Firefox\fir?f??.b?t.exe
2017-01-04 09:13:36 10752 ----a-w- C:\WINDOWS\difficulties.exe
2017-01-04 09:13:36 10752 ----a-w- C:\Users\Denise\AppData\Local\iger.exe
2016-12-16 00:52:58 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-16 00:46:13 8168000 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-12-16 00:46:03 503808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll
2016-12-16 00:44:56 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-12-13 22:22:33 20364888 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2016-12-10 20:07:54 2484736 ----a-w- C:\WINDOWS\SysWow64\gameux.dll
2016-12-10 20:02:03 73216 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryBroker.dll
2016-12-10 20:02:03 4136448 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2016-12-10 20:02:03 328008 ----a-w- C:\WINDOWS\System32\Windows.Storage.ApplicationData.dll
2016-12-10 20:02:03 2104320 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2016-12-10 20:02:03 122880 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryClient.dll
2016-12-10 20:02:03 107520 ----a-w- C:\WINDOWS\System32\VPNv2CSP.dll
2016-12-10 20:00:59 870400 ----a-w- C:\WINDOWS\System32\mfmkvsrcsnk.dll
2016-12-10 19:59:59 620544 ----a-w- C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
2016-12-10 19:59:43 258560 ----a-w- C:\WINDOWS\System32\drivers\xboxgip.sys
2016-12-10 19:59:43 219488 ----a-w- C:\WINDOWS\System32\drivers\tpm.sys
2016-12-10 19:59:42 967168 ----a-w- C:\WINDOWS\System32\drivers\bthport.sys
2016-12-10 19:59:42 335712 ----a-w- C:\WINDOWS\System32\drivers\pci.sys
2016-12-09 00:24:25 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{676672A2-D4EF-4456-BB11-94952947F2CB}\gapaengine.dll
.
==================== Find3M ====================
.
2017-01-06 17:49:13 65536 ----a-w- C:\WINDOWS\System32\spu_storage.bin
2016-12-11 23:56:25 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-11 23:56:25 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-10 03:02:12 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2016-12-09 10:42:15 1637728 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-12-09 10:42:14 137568 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-12-09 10:34:34 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-12-09 10:34:34 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-12-09 10:33:26 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-12-09 10:33:26 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-12-09 10:32:11 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-09 10:30:39 377184 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-12-09 10:29:23 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-09 10:28:24 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2016-12-09 10:27:38 172528 ----a-w- C:\WINDOWS\System32\sspicli.dll
2016-12-09 10:20:21 2677544 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-12-09 10:20:20 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-12-09 10:20:16 658784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-12-09 10:20:13 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-12-09 10:20:12 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-12-09 10:19:35 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2016-12-09 10:19:21 168424 ----a-w- C:\WINDOWS\System32\bcrypt.dll
2016-12-09 10:18:47 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-09 10:18:21 2913144 ----a-w- C:\WINDOWS\System32\combase.dll
2016-12-09 10:18:16 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2016-12-09 10:18:15 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2016-12-09 10:18:14 811872 ----a-w- C:\WINDOWS\System32\hvloader.exe
2016-12-09 10:18:12 947552 ----a-w- C:\WINDOWS\System32\hvloader.efi
2016-12-09 10:18:09 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2016-12-09 10:15:18 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-09 10:14:50 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-12-09 10:14:33 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-09 10:11:15 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-12-09 10:10:58 1461200 ----a-w- C:\WINDOWS\System32\user32.dll
2016-12-09 10:09:27 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-09 10:01:59 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-12-09 10:01:43 1503544 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-12-09 10:01:08 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2016-12-09 10:00:58 106896 ----a-w- C:\WINDOWS\SysWow64\bcrypt.dll
2016-12-09 09:59:25 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2016-12-09 09:59:24 2166752 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2016-12-09 09:57:00 6668040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-12-09 09:56:15 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-12-09 09:52:21 1435896 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2016-12-09 09:52:21 1415752 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-12-09 09:51:08 117240 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2016-12-09 09:47:29 22563328 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-09 09:45:47 40448 ----a-w- C:\WINDOWS\System32\WordBreakers.dll
2016-12-09 09:45:43 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-12-09 09:42:29 227328 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-12-09 09:41:22 380928 ----a-w- C:\WINDOWS\System32\wincorlib.dll
2016-12-09 09:41:06 32768 ----a-w- C:\WINDOWS\SysWow64\WordBreakers.dll
2016-12-09 09:40:38 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-12-09 09:38:39 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:37:29 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-09 09:37:10 411136 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2016-12-09 09:37:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-09 09:36:56 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-09 09:36:32 410112 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-12-09 09:36:09 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-12-09 09:36:05 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:36:02 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-09 09:34:52 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-12-09 09:34:31 288768 ----a-w- C:\WINDOWS\SysWow64\wincorlib.dll
2016-12-09 09:33:42 3777536 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2016-12-09 09:33:37 1589760 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-12-09 09:32:18 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-12-09 09:31:22 3689984 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2016-12-09 09:31:20 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-09 09:31:11 313856 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2016-12-09 09:30:32 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-09 09:30:31 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-09 09:29:51 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-09 09:28:55 1004544 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2016-12-09 09:28:12 3306496 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-12-09 09:27:55 5114368 ----a-w- C:\WINDOWS\System32\cdp.dll
2016-12-09 09:27:36 981504 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 09:26:32 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-09 09:26:01 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-09 09:25:28 376832 ----a-w- C:\WINDOWS\System32\CryptoWinRT.dll
2016-12-09 09:24:21 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-09 09:22:27 1490944 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-09 09:22:06 2820096 ----a-w- C:\WINDOWS\System32\InputService.dll
2016-12-09 09:22:02 2688512 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-09 09:21:48 4746752 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-12-09 09:21:42 3616768 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-12-09 09:21:31 1512960 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-12-09 09:21:04 716800 ----a-w- C:\WINDOWS\System32\ShareHost.dll
2016-12-09 09:20:36 730624 ----a-w- C:\WINDOWS\System32\fveapi.dll
2016-12-09 09:20:35 3198464 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2016-12-09 09:20:33 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-09 09:20:32 172544 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2016-12-09 09:20:05 187392 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2016-12-09 09:19:46 433664 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2016-12-09 09:19:45 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-09 09:19:43 261120 ----a-w- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
2016-12-09 09:19:32 85504 ----a-w- C:\WINDOWS\System32\EditBufferTestHook.dll
2016-12-09 09:19:32 119296 ----a-w- C:\WINDOWS\System32\InputLocaleManager.dll
2016-12-09 09:18:38 3666432 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2016-12-09 09:18:36 2138112 ----a-w- C:\WINDOWS\SysWow64\InputService.dll
.
============= FINISH: 2018.33 ===============
Attached Files
File Type: txt attach.txt (5.1 KB, 12 views)
lennonforever is offline  
Old 01-06-2017, 05:26 PM   #3
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



BTW I do have access to a Win install but not Win 10
lennonforever is offline  
Sponsored Links
Advertisement
 
Old 01-07-2017, 09:05 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-08-2017, 05:07 PM   #5
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



Thank you so much!
lennonforever is offline  
Old 01-08-2017, 05:13 PM   #6
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



chrome://browser/content/browser.js:7887

This keeps coming up too, and telling me " a script is running" do I want to "stop it, or continue" It's crazy. I don't even have Chrome I use FF.

and then before that , it said something about "abc". Is that th source of the crazy sound? I shall do everything you say. I appreciate your time.
lennonforever is offline  
Old 01-08-2017, 06:06 PM   #7
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



# AdwCleaner v6.042 - Logfile created 08/01/2017 at 20:32:18
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Denise - DENISE
# Running from : C:\Users\Denise\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Denise\AppData\Local\pokki
[#] Folder deleted on reboot: C:\Users\Denise\AppData\Local\Pokki
[-] Folder deleted: C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\adblocker
[-] Folder deleted: C:\ProgramData\pokki
[#] Folder deleted on reboot: C:\ProgramData\Pokki
[-] Folder deleted: C:\ProgramData\My Web Shield
[-] Folder deleted: C:\ProgramData\ApphserftoH
[#] Folder deleted on reboot: C:\ProgramData\Application Data\pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Pokki
[#] Folder deleted on reboot: C:\ProgramData\Application Data\My Web Shield
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ApphserftoH
[-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki
[-] Folder deleted: C:\Users\Public\Pokki


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKLM\SOFTWARE\IDOT
[-] Key deleted: [x64] HKLM\SOFTWARE\IDOT
[-] Data restored: HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data restored: HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
[-] Key deleted: HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Internet Explorer\SearchScopes\{D05954BD-18AD-4ED5-8804-4D0901B0D286}
[-] Data restored: HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D05954BD-18AD-4ED5-8804-4D0901B0D286}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D05954BD-18AD-4ED5-8804-4D0901B0D286}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Funny Comedy and Entertainment videos govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Funny Comedy and Entertainment videos govids.net
[-] Value deleted: HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Value deleted: HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [ProxyGate]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [vnlgp]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnonymizerGadget]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AnonymizerGadget]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4966 Bytes] - [08/01/2017 20:32:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [5155 Bytes] - [08/01/2017 20:24:17]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5112 Bytes] ##########
lennonforever is offline  
Old 01-08-2017, 06:16 PM   #8
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Denise (administrator) on DENISE (08-01-2017 21:08:21)
Running from C:\Users\Denise\Downloads
Loaded Profiles: Denise (Available Profiles: Denise & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
() C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LU.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [S6000Mnt] => C:\WINDOWS\WebCam\S6000\S6000Mnt.exe [516608 2016-02-24] (Alcor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3805928 2016-08-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-04-08] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-04-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2015-04-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [panellapanella] => C:\Program Files (x86)\Skybox\iger.exe [10752 2017-01-04] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [ackroydackroyd] => C:\Program Files (x86)\Skybox\iger.exe [10752 2017-01-04] ()
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\...\Run: [EPSON NX410 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\...\Run: [gurskygursky] => C:\Program Files (x86)\Skybox\iger.exe [10752 2017-01-04] ()
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\...\Run: [ranarana] => C:\Program Files (x86)\Skybox\iger.exe [10752 2017-01-04] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2453eb96-6740-4fae-b2bc-54f7a760aa3e}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{686ae903-d51c-494b-b7ce-3e29374680b0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7ec61557-8dac-4a2b-8a6a-4663c912ac16}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{80f425d5-839c-4ed6-b586-9264a1da179a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ab887893-2645-4144-8dab-e949a5ee3b17}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> {826A57B5-5741-4B8B-881C-B76427A64A1B} URL =

FireFox:
========
FF ProfilePath: C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553 [2017-01-08]
FF Extension: (NoSquint Plus) - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\Extensions\[email protected] [2017-01-06]
FF Extension: (Ad-Blocker ) - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\Extensions\{b89efd87-232e-4829-87d2-22148919d72f}.xpi [2017-01-06]
FF Extension: (Facebook Adblock) - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\Extensions\{d403ee9c-3bd2-41d3-b1e9-27698babf097}.xpi [2017-01-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-05] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.5\npGoogleUpdate3.dll [No File]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-29] () [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134888 2016-08-15] (ELAN Microelectronics Corp.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-04-08] (Lenovo(beijing) Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
S4 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-04-08] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-04-08] (Lenovo)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
S3 amdkmdan; C:\WINDOWS\system32\DRIVERS\atikmnag.sys [20266520 2015-12-08] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-06] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-06] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
R3 S6000KNT; C:\WINDOWS\System32\Drivers\S6000KNT.sys [732672 2016-02-24] (Alcor Micro, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-05] (Zemana Ltd.)
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 21:08 - 2017-01-08 21:09 - 00014300 _____ C:\Users\Denise\Downloads\FRST.txt
2017-01-08 21:07 - 2017-01-08 21:08 - 00000000 ____D C:\FRST
2017-01-08 21:07 - 2017-01-08 21:07 - 02419200 _____ (Farbar) C:\Users\Denise\Downloads\FRST64.exe
2017-01-08 20:13 - 2017-01-08 20:32 - 00000000 ____D C:\AdwCleaner
2017-01-08 20:10 - 2017-01-08 20:13 - 03988944 _____ C:\Users\Denise\Downloads\AdwCleaner.exe
2017-01-07 00:52 - 2017-01-07 00:54 - 00266654 _____ C:\TDSSKiller.3.1.0.12_07.01.2017_00.52.44_log.txt
2017-01-07 00:43 - 2017-01-07 00:43 - 00000000 ____D C:\ProgramData\Sophos
2017-01-07 00:20 - 2017-01-07 00:52 - 00061136 _____ C:\TDSSKiller.3.1.0.12_07.01.2017_00.20.41_log.txt
2017-01-06 22:27 - 2017-01-06 22:27 - 00000000 ____D C:\Users\Denise\AppData\Local\Conexant
2017-01-06 21:37 - 2017-01-06 21:37 - 00001317 _____ C:\Users\Denise\Desktop\Internet Explorer - Shortcut.lnk
2017-01-06 20:23 - 2017-01-06 20:23 - 00005264 _____ C:\Users\Denise\Documents\Attach.txt
2017-01-06 20:06 - 2017-01-06 20:06 - 00025613 _____ C:\Users\Denise\Desktop\dds.txt
2017-01-06 20:06 - 2017-01-06 20:06 - 00005264 _____ C:\Users\Denise\Desktop\attach.txt
2017-01-06 19:16 - 2017-01-06 21:16 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-01-06 00:16 - 2017-01-06 11:35 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-06 00:04 - 2017-01-06 22:00 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-06 00:04 - 2017-01-06 21:59 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-06 00:04 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-05 23:34 - 2017-01-08 21:09 - 00069307 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-05 23:34 - 2017-01-08 21:09 - 00034877 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-05 23:34 - 2017-01-05 23:34 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-01-05 23:34 - 2017-01-05 23:34 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-01-05 23:34 - 2017-01-05 23:34 - 00000000 ____D C:\Users\Denise\AppData\Local\Zemana
2017-01-05 22:59 - 2017-01-05 22:59 - 00093088 _____ C:\Users\Denise\Downloads\Mozilla Firefox Start Page.xht
2017-01-05 22:59 - 2017-01-05 22:59 - 00000000 ____D C:\Users\Denise\Downloads\Mozilla Firefox Start Page_files
2017-01-05 22:50 - 2017-01-05 22:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-05 22:50 - 2017-01-05 22:50 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-05 22:30 - 2017-01-05 22:31 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-01-05 22:26 - 2017-01-05 22:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lenovo
2017-01-05 22:24 - 2017-01-05 22:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\__SHARED
2017-01-05 22:23 - 2017-01-06 21:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2017-01-05 22:23 - 2017-01-05 22:23 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-01-05 22:23 - 2017-01-05 22:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comms
2017-01-05 21:57 - 2017-01-05 21:57 - 00001165 _____ C:\Users\Denise\Desktop\Administrative Tools - Shortcut.lnk
2017-01-05 21:43 - 2017-01-06 11:57 - 00000000 ____D C:\Users\Denise\Documents\Administrative Tools
2017-01-05 19:50 - 2017-01-05 19:50 - 00003302 _____ C:\WINDOWS\System32\Tasks\{C0EDF6E1-4A2D-4AA4-8C9F-C7027E96E9C7}
2017-01-05 01:24 - 2017-01-06 22:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-05 01:24 - 2017-01-06 21:59 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-05 01:24 - 2017-01-06 00:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-05 00:27 - 2017-01-05 00:27 - 00000000 ____D C:\Users\Denise\AppData\Local\DIAL
2017-01-05 00:27 - 2017-01-05 00:27 - 00000000 ____D C:\Users\Denise\AppData\Local\__SHARED
2017-01-05 00:22 - 2017-01-05 22:51 - 00001426 _____ C:\WINDOWS\system32\.crusader
2017-01-05 00:08 - 2017-01-06 21:45 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-05 00:08 - 2017-01-05 09:36 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-04 22:38 - 2017-01-04 22:38 - 00000046 _____ C:\WINDOWS\wininit.ini
2017-01-04 21:22 - 2017-01-04 21:22 - 00000000 ____D C:\Users\Denise\AppData\Local\ElevatedDiagnostics
2017-01-04 21:21 - 2017-01-04 21:23 - 00000000 ____D C:\ProgramData\COMODO
2017-01-04 21:20 - 2017-01-04 22:21 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-04 21:18 - 2017-01-05 19:24 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-01-04 21:18 - 2017-01-04 21:18 - 00003234 _____ C:\WINDOWS\System32\Tasks\{5D10060C-CE9A-4E45-8AD5-FA806AFF8B13}
2017-01-04 21:09 - 2017-01-05 09:33 - 00000000 ____D C:\Program Files (x86)\domes
2017-01-04 21:09 - 2017-01-04 23:50 - 00000000 ___HD C:\Program Files (x86)\Skybox
2017-01-04 21:09 - 2017-01-04 21:10 - 00003706 _____ C:\WINDOWS\System32\Tasks\tsk74940622k74940622
2017-01-04 21:08 - 2017-01-04 21:08 - 00003382 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2017-01-04 04:13 - 2017-01-04 04:13 - 00010752 _____ C:\WINDOWS\difficulties.exe
2017-01-04 04:13 - 2017-01-04 04:13 - 00010752 _____ C:\Users\Denise\AppData\Local\iger.exe
2017-01-02 20:05 - 2017-01-02 20:06 - 00091697 _____ C:\Users\Denise\Downloads\horrorhound-weekend-cincinnati-march-2017(2).pdf
2017-01-02 20:05 - 2017-01-02 20:05 - 00091697 _____ C:\Users\Denise\Downloads\horrorhound-weekend-cincinnati-march-2017(1).pdf
2017-01-02 20:02 - 2017-01-02 20:02 - 00091721 _____ C:\Users\Denise\Downloads\horrorhound-weekend-cincinnati-march-2017.pdf
2016-12-15 19:53 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-15 19:53 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-15 19:53 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-15 19:53 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-15 19:53 - 2016-12-09 04:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-15 19:53 - 2016-12-09 04:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-15 19:53 - 2016-12-09 04:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-15 19:53 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-15 19:53 - 2016-12-09 04:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-15 19:53 - 2016-12-09 04:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-15 19:53 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-15 19:53 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-15 19:53 - 2016-12-09 04:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-15 19:53 - 2016-12-09 04:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-15 19:53 - 2016-12-09 04:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-15 19:53 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-15 19:52 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-15 19:52 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-15 19:52 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-15 19:52 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-15 19:52 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-15 19:52 - 2016-12-09 04:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-15 19:52 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-15 19:52 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-15 19:52 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-15 19:52 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-15 19:52 - 2016-12-09 04:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-15 19:52 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-15 19:52 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-15 19:52 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-15 19:52 - 2016-12-09 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-15 19:52 - 2016-12-09 04:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-15 19:52 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-15 19:52 - 2016-12-09 04:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-15 19:52 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-15 19:52 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-15 19:52 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-15 19:52 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-15 19:52 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-15 19:52 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-15 19:52 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-15 19:52 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-15 19:52 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-15 19:46 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-15 19:45 - 2016-12-09 05:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-15 19:45 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-15 19:45 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-15 19:45 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-15 19:45 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-15 19:45 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-15 19:45 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-15 19:45 - 2016-12-09 05:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-15 19:45 - 2016-12-09 05:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-15 19:45 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-15 19:45 - 2016-12-09 04:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-15 19:45 - 2016-12-09 04:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-15 19:45 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-15 19:45 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-15 19:45 - 2016-12-09 04:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-15 19:45 - 2016-12-09 04:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-15 19:45 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-15 19:45 - 2016-12-09 04:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-15 19:45 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-15 19:45 - 2016-12-09 04:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-15 19:45 - 2016-12-09 04:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-15 19:45 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-15 19:45 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-15 19:45 - 2016-12-09 04:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-15 19:45 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-15 19:45 - 2016-12-09 04:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-15 19:45 - 2016-12-09 04:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-15 19:45 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-15 19:45 - 2016-12-09 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-15 19:45 - 2016-12-09 04:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-15 19:45 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-15 19:45 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-15 19:45 - 2016-12-09 04:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-15 19:45 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-15 19:45 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-15 19:45 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-15 19:45 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-15 19:45 - 2016-09-15 11:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-15 19:44 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-15 19:44 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-15 19:44 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-15 19:44 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-15 19:44 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-15 19:44 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-15 19:44 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-15 19:44 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-15 19:44 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-15 19:44 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-15 19:44 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-15 19:44 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-15 19:44 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-15 19:44 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-15 19:44 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-15 19:44 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-15 19:44 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-15 19:44 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-15 19:44 - 2016-12-09 05:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-15 19:44 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-15 19:44 - 2016-12-09 05:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-15 19:44 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-15 19:44 - 2016-12-09 04:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-15 19:44 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-15 19:44 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-15 19:44 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-15 19:44 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-15 19:44 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-15 19:44 - 2016-12-09 04:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-15 19:44 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-15 19:44 - 2016-12-09 04:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-15 19:44 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-15 19:44 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-15 19:44 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 17:22 - 2016-12-13 17:22 - 20364888 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-12-10 15:08 - 2016-11-11 03:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 15:08 - 2016-11-11 03:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 15:08 - 2016-11-11 03:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 15:08 - 2016-11-11 03:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 15:08 - 2016-11-11 02:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 15:08 - 2016-11-11 02:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 15:08 - 2016-11-11 02:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 15:08 - 2016-11-11 02:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 15:08 - 2016-11-11 02:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 15:08 - 2016-11-11 02:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 15:08 - 2016-11-11 02:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 15:08 - 2016-11-11 02:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 15:08 - 2016-11-11 02:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 15:08 - 2016-11-11 02:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 15:08 - 2016-11-11 02:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 15:08 - 2016-11-11 02:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 15:08 - 2016-11-11 02:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 15:08 - 2016-11-11 02:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 15:08 - 2016-11-11 02:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 15:08 - 2016-11-11 02:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 15:08 - 2016-11-11 02:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 15:08 - 2016-11-11 02:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 15:08 - 2016-11-11 02:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 15:08 - 2016-11-11 02:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 15:08 - 2016-11-11 02:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 15:08 - 2016-11-11 02:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 15:08 - 2016-11-11 02:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 15:08 - 2016-11-11 02:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 15:08 - 2016-11-11 02:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 15:08 - 2016-11-11 02:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 15:08 - 2016-11-11 02:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 15:08 - 2016-11-11 02:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 15:08 - 2016-11-11 02:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 15:08 - 2016-11-11 02:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 15:08 - 2016-11-11 02:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 15:08 - 2016-11-11 02:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 15:08 - 2016-11-11 02:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 15:08 - 2016-11-11 02:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 15:08 - 2016-11-11 02:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 15:08 - 2016-11-11 02:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 15:08 - 2016-11-11 02:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 15:08 - 2016-11-11 02:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 15:08 - 2016-11-11 02:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 15:08 - 2016-11-11 02:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 15:08 - 2016-11-11 02:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 15:08 - 2016-11-11 02:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 15:08 - 2016-11-11 02:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 15:08 - 2016-11-11 02:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 15:08 - 2016-11-11 02:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 15:08 - 2016-11-11 02:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 15:08 - 2016-11-11 02:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 15:08 - 2016-11-11 02:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 15:08 - 2016-11-11 02:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 15:08 - 2016-11-11 02:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 15:08 - 2016-11-11 02:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 15:08 - 2016-11-11 02:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 15:08 - 2016-11-11 02:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 15:08 - 2016-11-11 02:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 15:08 - 2016-11-11 02:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 15:08 - 2016-11-11 02:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 15:08 - 2016-11-11 02:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 15:08 - 2016-11-11 02:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 15:08 - 2016-11-11 02:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 15:08 - 2016-11-11 02:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 15:08 - 2016-11-11 02:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 15:08 - 2016-11-11 02:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 15:08 - 2016-11-11 02:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 15:08 - 2016-11-11 02:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 15:08 - 2016-11-11 02:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-10 15:08 - 2016-11-11 02:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 15:08 - 2016-11-11 02:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 15:08 - 2016-11-11 02:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-10 15:07 - 2016-11-11 03:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 15:07 - 2016-11-11 02:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 15:07 - 2016-11-11 02:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 15:07 - 2016-11-11 02:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 15:07 - 2016-11-11 02:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 15:07 - 2016-11-11 02:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 15:07 - 2016-11-11 02:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 15:07 - 2016-11-11 02:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 15:07 - 2016-11-11 02:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 15:07 - 2016-11-11 02:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 15:07 - 2016-11-11 02:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 15:07 - 2016-11-11 02:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 15:07 - 2016-11-11 02:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 15:07 - 2016-11-11 02:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 15:07 - 2016-11-11 02:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 15:07 - 2016-11-11 02:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 15:07 - 2016-11-11 02:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 15:07 - 2016-11-11 02:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 15:07 - 2016-11-11 02:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 15:07 - 2016-11-11 02:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 15:07 - 2016-11-11 02:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 15:07 - 2016-11-11 02:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 15:07 - 2016-11-11 02:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 15:07 - 2016-11-11 02:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 15:07 - 2016-11-11 02:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 15:02 - 2016-11-11 05:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 15:02 - 2016-11-11 04:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 15:02 - 2016-11-11 04:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 15:02 - 2016-11-11 04:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 15:02 - 2016-11-11 04:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 15:02 - 2016-11-11 04:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 15:01 - 2016-11-11 05:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 15:01 - 2016-11-11 05:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 15:01 - 2016-11-11 05:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 15:01 - 2016-11-11 05:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 15:01 - 2016-11-11 05:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 15:01 - 2016-11-11 05:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 15:01 - 2016-11-11 05:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 15:01 - 2016-11-11 05:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 15:01 - 2016-11-11 05:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 15:01 - 2016-11-11 04:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 15:01 - 2016-11-11 04:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 15:01 - 2016-11-11 04:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 15:01 - 2016-11-11 04:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 15:01 - 2016-11-11 04:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 15:01 - 2016-11-11 04:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 15:01 - 2016-11-11 04:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 15:01 - 2016-11-11 04:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 15:01 - 2016-11-11 04:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 15:01 - 2016-11-11 04:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 15:01 - 2016-11-11 04:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 15:01 - 2016-11-11 04:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 15:01 - 2016-11-11 04:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 15:01 - 2016-11-11 04:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 15:01 - 2016-11-11 04:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 15:01 - 2016-11-11 04:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 15:01 - 2016-11-11 04:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 15:01 - 2016-11-11 04:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 15:01 - 2016-11-11 04:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 15:01 - 2016-11-11 04:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 15:01 - 2016-11-11 04:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 15:01 - 2016-11-11 04:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 15:01 - 2016-11-11 04:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 15:01 - 2016-11-11 04:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 15:01 - 2016-11-11 04:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 15:01 - 2016-11-11 04:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 15:01 - 2016-11-11 04:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 15:01 - 2016-11-11 04:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 15:01 - 2016-11-11 04:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 15:01 - 2016-11-11 04:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 15:01 - 2016-11-11 04:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 15:01 - 2016-11-11 04:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 15:01 - 2016-11-11 04:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 15:01 - 2016-11-11 04:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 15:01 - 2016-11-11 04:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 15:01 - 2016-11-11 04:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 15:01 - 2016-11-11 04:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 15:01 - 2016-11-11 04:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 15:01 - 2016-11-11 04:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 15:01 - 2016-11-11 04:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 15:01 - 2016-11-11 04:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 15:01 - 2016-11-11 04:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 15:01 - 2016-11-11 04:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 15:01 - 2016-11-11 04:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 15:01 - 2016-11-11 04:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 15:01 - 2016-11-11 04:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 15:01 - 2016-11-11 04:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 15:01 - 2016-11-11 04:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 15:01 - 2016-11-11 04:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 15:01 - 2016-11-11 04:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 15:01 - 2016-11-11 04:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 15:01 - 2016-11-11 04:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 15:01 - 2016-11-11 04:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 15:01 - 2016-11-11 04:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 15:01 - 2016-11-11 04:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 15:01 - 2016-11-11 04:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 15:01 - 2016-11-11 04:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 15:01 - 2016-11-11 04:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 15:01 - 2016-11-11 04:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 15:01 - 2016-11-11 04:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 15:01 - 2016-11-11 04:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 15:01 - 2016-11-11 04:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 15:01 - 2016-11-11 04:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 15:01 - 2016-11-11 04:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 15:01 - 2016-11-11 04:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 15:01 - 2016-11-11 04:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 15:01 - 2016-11-11 04:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 15:01 - 2016-11-11 04:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 15:01 - 2016-11-11 04:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 15:01 - 2016-11-11 04:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 15:01 - 2016-11-11 04:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 15:00 - 2016-11-11 05:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 15:00 - 2016-11-11 05:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 15:00 - 2016-11-11 05:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 15:00 - 2016-11-11 05:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 15:00 - 2016-11-11 05:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 15:00 - 2016-11-11 05:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 15:00 - 2016-11-11 05:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 15:00 - 2016-11-11 05:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 15:00 - 2016-11-11 05:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 15:00 - 2016-11-11 05:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 15:00 - 2016-11-11 04:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 15:00 - 2016-11-11 04:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 15:00 - 2016-11-11 04:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 15:00 - 2016-11-11 04:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 15:00 - 2016-11-11 04:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 15:00 - 2016-11-11 04:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 15:00 - 2016-11-11 04:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 15:00 - 2016-11-11 04:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 15:00 - 2016-11-11 04:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 15:00 - 2016-11-11 04:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 15:00 - 2016-11-11 04:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 15:00 - 2016-11-11 04:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 15:00 - 2016-11-11 04:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 15:00 - 2016-11-11 04:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 15:00 - 2016-11-11 04:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 15:00 - 2016-11-11 04:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 15:00 - 2016-11-11 04:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 15:00 - 2016-11-11 04:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 15:00 - 2016-11-11 04:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 15:00 - 2016-11-11 04:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 15:00 - 2016-11-11 04:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 15:00 - 2016-11-11 04:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 15:00 - 2016-11-11 04:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 15:00 - 2016-11-11 04:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 15:00 - 2016-11-11 04:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 15:00 - 2016-11-11 04:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 15:00 - 2016-11-11 04:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 15:00 - 2016-11-11 04:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 15:00 - 2016-11-11 04:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 15:00 - 2016-11-11 04:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 15:00 - 2016-11-11 04:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 15:00 - 2016-11-11 04:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 15:00 - 2016-11-11 04:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 15:00 - 2016-11-11 04:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 15:00 - 2016-11-11 04:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 15:00 - 2016-11-11 04:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 15:00 - 2016-11-11 04:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 15:00 - 2016-11-11 04:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 15:00 - 2016-11-11 04:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 15:00 - 2016-11-11 04:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 15:00 - 2016-11-11 04:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 15:00 - 2016-11-11 04:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 15:00 - 2016-11-11 04:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 15:00 - 2016-11-11 04:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 15:00 - 2016-11-11 04:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 15:00 - 2016-11-11 04:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 15:00 - 2016-11-11 04:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 15:00 - 2016-11-11 04:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 15:00 - 2016-11-11 04:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 15:00 - 2016-11-11 04:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 15:00 - 2016-11-11 04:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 15:00 - 2016-11-11 04:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 15:00 - 2016-11-11 04:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 15:00 - 2016-11-11 04:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 15:00 - 2016-11-11 04:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 15:00 - 2016-11-11 04:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 15:00 - 2016-11-11 04:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 15:00 - 2016-11-11 04:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 15:00 - 2016-11-11 04:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 15:00 - 2016-11-11 04:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 15:00 - 2016-11-11 04:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 15:00 - 2016-11-11 04:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 15:00 - 2016-11-11 04:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 15:00 - 2016-11-11 04:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 15:00 - 2016-11-11 04:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 15:00 - 2016-11-11 04:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 15:00 - 2016-11-11 04:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 15:00 - 2016-11-11 04:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 15:00 - 2016-11-11 04:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 15:00 - 2016-11-11 04:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 15:00 - 2016-11-11 04:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 15:00 - 2016-11-11 04:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 14:59 - 2016-11-11 05:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 14:59 - 2016-11-11 05:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 14:59 - 2016-11-11 04:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 14:59 - 2016-11-11 04:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 21:02 - 2016-11-15 23:47 - 00000000 ____D C:\Users\Denise\AppData\LocalLow\Mozilla
2017-01-08 20:39 - 2015-04-08 15:50 - 01890778 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2017-01-08 20:38 - 2016-09-26 12:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-08 20:38 - 2016-09-26 11:52 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-01-08 20:38 - 2016-07-16 01:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-08 19:45 - 2016-09-26 11:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-07 17:12 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-06 22:27 - 2016-09-26 11:52 - 00000000 ____D C:\ProgramData\Conexant
2017-01-06 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration
2017-01-06 21:56 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-06 21:18 - 2016-01-06 13:53 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-06 00:16 - 2016-09-26 11:58 - 00000000 ____D C:\Users\Administrator
2017-01-05 23:53 - 2016-10-21 12:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-05 23:53 - 2016-01-05 12:03 - 00001063 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-01-05 23:34 - 2016-09-26 11:58 - 00000000 ____D C:\Users\Denise
2017-01-05 22:50 - 2016-01-05 03:56 - 00000000 ____D C:\Users\Denise\AppData\Local\Adobe
2017-01-05 22:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-05 22:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-05 22:25 - 2016-07-13 16:36 - 00002398 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-05 22:25 - 2016-06-26 18:44 - 00000000 ___RD C:\Users\Administrator\OneDrive
2017-01-05 22:25 - 2014-04-03 13:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-01-05 22:23 - 2015-06-26 05:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-05 19:52 - 2015-04-08 16:31 - 00000000 ____D C:\Program Files (x86)\Nitro
2017-01-05 16:01 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-05 09:35 - 2016-01-05 11:58 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-05 00:31 - 2016-01-11 19:41 - 01173704 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-04 23:50 - 2016-09-26 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2017-01-04 23:50 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\System
2017-01-04 23:50 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-04 23:50 - 2016-01-07 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2017-01-04 23:50 - 2016-01-07 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-01-04 23:50 - 2015-04-08 16:57 - 00000000 ____D C:\ProgramData\LU
2017-01-04 23:50 - 2015-04-08 16:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2017-01-04 23:50 - 2015-04-08 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-01-04 23:50 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-01-04 23:04 - 2016-09-26 11:49 - 00344368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-04 23:03 - 2015-06-25 14:52 - 00000000 ____D C:\Users\Denise\AppData\Local\Packages
2017-01-04 22:58 - 2015-04-08 16:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-04 22:56 - 2016-09-26 15:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-01-04 22:56 - 2015-10-30 04:07 - 00000000 ____D C:\WINDOWS\ShellNew
2017-01-04 22:48 - 2013-08-22 08:25 - 00000076 _____ C:\WINDOWS\win.ini
2017-01-04 22:45 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-04 22:40 - 2015-04-08 16:32 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-01-04 22:28 - 2015-04-08 15:43 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-31 21:35 - 2016-08-06 15:46 - 00000000 ____D C:\Users\Denise\AppData\Roaming\BitTorrent
2016-12-31 19:22 - 2016-12-01 12:30 - 00000000 ____D C:\Users\Denise\AppData\LocalLow\BitTorrent
2016-12-27 23:29 - 2016-09-26 11:50 - 00017170 _____ C:\WINDOWS\setupact.log
2016-12-23 22:09 - 2016-01-07 10:09 - 00000000 ____D C:\Users\Denise\AppData\Roaming\Nitro PDF
2016-12-20 12:57 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-19 11:23 - 2016-09-26 11:57 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-18 20:37 - 2016-07-16 01:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-18 00:59 - 2016-09-26 11:49 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-18 00:59 - 2016-09-26 11:49 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-18 00:58 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-18 00:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-18 00:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-18 00:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-18 00:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-18 00:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-17 14:10 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 20:11 - 2016-01-06 13:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-11 18:56 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 18:56 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 18:50 - 2016-09-26 11:58 - 00524288 ___SH C:\Users\Denise\NTUSER.DAT{76e05df7-8411-11e6-b6ad-d2579c340bae}.TMContainer00000000000000000002.regtrans-ms
2016-12-11 18:50 - 2016-09-26 11:58 - 00065536 ___SH C:\Users\Denise\NTUSER.DAT{76e05df7-8411-11e6-b6ad-d2579c340bae}.TM.blf
2016-12-11 10:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-10 18:14 - 2016-09-26 12:35 - 00000174 ___SH C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-10 18:14 - 2016-01-05 03:49 - 00000174 ___SH C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-10 18:14 - 2016-01-05 03:49 - 00000000 ___RD C:\Users\Denise\Searches
2016-12-10 18:14 - 2016-01-05 03:49 - 00000000 ___RD C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-10 18:14 - 2015-06-25 14:53 - 00000402 ___SH C:\Users\Denise\Documents\desktop.ini
2016-12-10 18:14 - 2015-06-25 14:53 - 00000282 ___SH C:\Users\Denise\Downloads\desktop.ini
2016-12-10 18:14 - 2015-06-25 14:53 - 00000282 ___SH C:\Users\Denise\Desktop\desktop.ini
2016-12-10 18:14 - 2015-06-25 14:53 - 00000000 ___RD C:\Users\Denise\Contacts
2016-12-10 18:14 - 2015-06-25 14:51 - 00000000 ___RD C:\Users\Denise\Videos
2016-12-10 18:14 - 2015-06-25 14:51 - 00000000 ___RD C:\Users\Denise\Saved Games
2016-12-10 18:14 - 2015-06-25 14:51 - 00000000 ___RD C:\Users\Denise\Music
2016-12-10 18:14 - 2015-06-25 14:51 - 00000000 ___RD C:\Users\Denise\Links
2016-12-10 18:14 - 2015-06-25 14:51 - 00000000 ___RD C:\Users\Denise\Favorites
2016-12-10 18:10 - 2016-09-26 11:58 - 00524288 ___SH C:\Users\Denise\NTUSER.DAT{76e05df7-8411-11e6-b6ad-d2579c340bae}.TMContainer00000000000000000001.regtrans-ms
2016-12-10 18:09 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 18:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-10 18:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 18:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-10 18:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 18:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 18:09 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-10 18:09 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-10 18:09 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 18:09 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 18:09 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-09 22:02 - 2016-07-16 06:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 21:42 - 2016-11-29 21:30 - 00000000 ____D C:\Users\Denise\Downloads\Korn

==================== Files in the root of some directories =======

2016-01-05 03:49 - 2016-01-11 16:44 - 0029517 _____ () C:\Users\Denise\AppData\Local\BTServer.log
2017-01-04 04:13 - 2017-01-04 04:13 - 0010752 _____ () C:\Users\Denise\AppData\Local\iger.exe
2016-10-26 20:33 - 2016-10-26 20:33 - 0000017 _____ () C:\Users\Denise\AppData\Local\resmon.resmoncfg
2016-09-26 11:53 - 2016-09-26 11:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\HitmanPro.exe
C:\Users\Administrator\AppData\Local\Temp\Lenovo.TVT.CustomerFeedback.Agent.exe
C:\Users\Administrator\AppData\Local\Temp\PokkiPlatform.exe
C:\Users\Denise\AppData\Local\Temp\Q0mCN1DM-prog.exe
C:\Users\Denise\AppData\Local\Temp\tu17p84.exe
C:\Users\Denise\AppData\Local\Temp\W19KDBCLVJ.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-05 01:07

==================== End of FRST.txt ============================
lennonforever is offline  
Old 01-08-2017, 06:20 PM   #9
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



sorry , I submitted the FRST a second time.
lennonforever is offline  
Old 01-08-2017, 07:00 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Quote:
Originally Posted by lennonforever View Post
sorry , I submitted the FRST a second time.
No. You submitted the FRST log once, and didn't attach the Addition.txt log.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-08-2017, 09:24 PM   #11
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



OK I will try again Chemist , sorry, I am not a computer savvy person.
Attached Files
File Type: txt Addition 2.txt (40.8 KB, 16 views)
lennonforever is offline  
Old 01-08-2017, 09:26 PM   #12
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



I have tried to make sure I am a "built in admin" for my own computer , but i still have problems un-installing peer ware . I am endeavoring to do so.
lennonforever is offline  
Old 01-09-2017, 07:14 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, lennonforever.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------

Please uninstall the following via Programs and Features(right-click the Windows "logo" button > Programs and Features) if it still exists:

Amazon 1Button App<<Please read this

Please delete the following Folder if it still exists:

C:\Program Files (x86)\amazon browser bar

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {407C3718-12AE-45ED-B3E6-F6C4BF16B802} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {446D65CC-9831-44F1-AEC1-A61D24043E6B} - System32\Tasks\{5D10060C-CE9A-4E45-8AD5-FA806AFF8B13} => pcalua.exe -a C:\Users\Denise\AppData\Local\uninstallro.exe
    Task: {524CFD8F-09FD-4574-A1E1-A8ECDC38737E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {70917B54-3B3F-4A5C-8DAE-BD785325423A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {71ABF785-13DD-4EDF-862E-3056683214EB} - \WPD\SqmUpload_S-1-5-21-113211752-4274891595-2432965205-1002 -> No File <==== ATTENTION
    Task: {845F7A00-839C-475B-9A44-364A6122295F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {8FDF0F84-0EF5-4FE7-9BD9-223773B7C2C1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {AE27EDFE-D87F-4CE3-8FC6-F5B43D0651E3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C9ADD37E-7E17-4E89-9645-F7CC5FAD2DC4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D8880ABC-548A-4455-9070-57B158C615EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {E4B23392-9FBE-46A7-96C2-6011BD647FB5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {E75E840E-05FF-4B2A-BEDB-E9706B9689D7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {E78214AD-8600-4E09-A603-B69F8FD53D24} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {F9055B45-BA20-4DBD-8D87-EA672F78231B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Shortcut: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
    Shortcut: C:\Users\Denise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
    Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> {826A57B5-5741-4B8B-881C-B76427A64A1B} URL =
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.5\npGoogleUpdate3.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.5\npGoogleUpdate3.dll [No File]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-10-2017, 08:45 PM   #14
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



Mr Chemist- I got as far as saving "fixlist.txt" but the message box was confusing. It said that I couldn't save this in ANSI cause the code will be lost. Then it said choose "continue" instead of OK to save the UNIcode and a drop down box will appear for me to choose the format code??? But no drop down box occurred. What do I do? The file is in my downloads but it only is named "fixlist" not fixlist.txt

Also , I don't understand that it has to be in the "same place" as the FRST.exe. You mean in the downloads or in the notepad??
lennonforever is offline  
Old 01-11-2017, 04:47 PM   #15
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-01-2017
Ran by Denise (administrator) on DENISE (11-01-2017 19:29:24)
Running from C:\Users\Denise\Downloads
Loaded Profiles: Denise (Available Profiles: Denise & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
() C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [S6000Mnt] => C:\WINDOWS\WebCam\S6000\S6000Mnt.exe [516608 2016-02-24] (Alcor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3805928 2016-08-15] (ELAN Microelectronics Corp.)
HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-04-08] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2015-04-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2015-04-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [panellapanella] => C:\Program Files (x86)\Skybox\iger.exe [10752 2017-01-04] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110344 2014-09-09] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492808 2014-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [ackroydackroyd] => C:\Program Files (x86)\Skybox\iger.exe [10752 2017-01-04] ()
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\...\Run: [EPSON NX410 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\...\Run: [gurskygursky] => C:\Program Files (x86)\Skybox\iger.exe [10752 2017-01-04] ()
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\...\Run: [ranarana] => C:\Program Files (x86)\Skybox\iger.exe [10752 2017-01-04] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2453eb96-6740-4fae-b2bc-54f7a760aa3e}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{686ae903-d51c-494b-b7ce-3e29374680b0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7ec61557-8dac-4a2b-8a6a-4663c912ac16}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{80f425d5-839c-4ed6-b586-9264a1da179a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{ab887893-2645-4144-8dab-e949a5ee3b17}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> DefaultScope {D05954BD-18AD-4ED5-8804-4D0901B0D286} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> {826A57B5-5741-4B8B-881C-B76427A64A1B} URL =
SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> {D05954BD-18AD-4ED5-8804-4D0901B0D286} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}

FireFox:
========
FF ProfilePath: C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553 [2017-01-11]
FF Extension: (uBlock Origin) - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\Extensions\[email protected] [2017-01-09]
FF Extension: (NoSquint Plus) - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\Extensions\[email protected] [2017-01-06]
FF Extension: (Flashblock) - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2017-01-08]
FF Extension: (Adblock Plus) - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-08]
FF Extension: (Facebook Adblock) - C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\1d6jubjh.default-1483745611553\Extensions\{d403ee9c-3bd2-41d3-b1e9-27698babf097}.xpi [2017-01-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.5\npGoogleUpdate3.dll [No File]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-29] () [File not signed]
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-09] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [134888 2016-08-15] (ELAN Microelectronics Corp.)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-22] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-04-08] (Lenovo(beijing) Limited)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
S4 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-04-08] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-04-08] (Lenovo)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
S3 amdkmdan; C:\WINDOWS\system32\DRIVERS\atikmnag.sys [20266520 2015-12-08] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-06] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-06] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-06] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
R3 S6000KNT; C:\WINDOWS\System32\Drivers\S6000KNT.sys [732672 2016-02-24] (Alcor Micro, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-05] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-05] (Zemana Ltd.)
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 19:18 - 2017-01-11 19:18 - 00000000 ____D C:\Users\Denise\Downloads\FRST-OlderVersion
2017-01-10 23:15 - 2017-01-11 18:55 - 00006228 _____ C:\Users\Denise\Downloads\fixlist.txt
2017-01-09 02:07 - 2017-01-09 02:07 - 00001613 _____ C:\Users\Denise\Desktop\iexplore - Shortcut.lnk
2017-01-08 21:17 - 2017-01-08 21:17 - 00041805 _____ C:\Users\Denise\Downloads\Addition 2.txt
2017-01-08 21:11 - 2017-01-11 19:24 - 00039143 _____ C:\Users\Denise\Downloads\Addition.txt
2017-01-08 21:08 - 2017-01-11 19:29 - 00014287 _____ C:\Users\Denise\Downloads\FRST.txt
2017-01-08 21:07 - 2017-01-11 19:29 - 00000000 ____D C:\FRST
2017-01-08 21:07 - 2017-01-11 19:18 - 02419200 _____ (Farbar) C:\Users\Denise\Downloads\FRST64.exe
2017-01-08 20:13 - 2017-01-08 20:32 - 00000000 ____D C:\AdwCleaner
2017-01-08 20:10 - 2017-01-08 20:13 - 03988944 _____ C:\Users\Denise\Downloads\AdwCleaner.exe
2017-01-07 00:52 - 2017-01-07 00:54 - 00266654 _____ C:\TDSSKiller.3.1.0.12_07.01.2017_00.52.44_log.txt
2017-01-07 00:43 - 2017-01-07 00:43 - 00000000 ____D C:\ProgramData\Sophos
2017-01-07 00:20 - 2017-01-07 00:52 - 00061136 _____ C:\TDSSKiller.3.1.0.12_07.01.2017_00.20.41_log.txt
2017-01-06 22:27 - 2017-01-06 22:27 - 00000000 ____D C:\Users\Denise\AppData\Local\Conexant
2017-01-06 20:23 - 2017-01-06 20:23 - 00005264 _____ C:\Users\Denise\Documents\Attach.txt
2017-01-06 20:06 - 2017-01-06 20:06 - 00025613 _____ C:\Users\Denise\Desktop\dds.txt
2017-01-06 20:06 - 2017-01-06 20:06 - 00005264 _____ C:\Users\Denise\Desktop\attach.txt
2017-01-06 19:16 - 2017-01-06 21:16 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2017-01-06 00:16 - 2017-01-06 11:35 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-06 00:04 - 2017-01-06 22:00 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-06 00:04 - 2017-01-06 21:59 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-06 00:04 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-05 23:34 - 2017-01-11 19:29 - 00380151 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-05 23:34 - 2017-01-11 19:29 - 00345167 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-05 23:34 - 2017-01-05 23:34 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-01-05 23:34 - 2017-01-05 23:34 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-01-05 23:34 - 2017-01-05 23:34 - 00000000 ____D C:\Users\Denise\AppData\Local\Zemana
2017-01-05 22:59 - 2017-01-05 22:59 - 00093088 _____ C:\Users\Denise\Downloads\Mozilla Firefox Start Page.xht
2017-01-05 22:59 - 2017-01-05 22:59 - 00000000 ____D C:\Users\Denise\Downloads\Mozilla Firefox Start Page_files
2017-01-05 22:50 - 2017-01-10 19:06 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-05 22:50 - 2017-01-10 19:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-05 22:30 - 2017-01-05 22:31 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-01-05 22:26 - 2017-01-05 22:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Lenovo
2017-01-05 22:24 - 2017-01-05 22:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\__SHARED
2017-01-05 22:23 - 2017-01-06 21:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2017-01-05 22:23 - 2017-01-05 22:23 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-01-05 22:23 - 2017-01-05 22:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comms
2017-01-05 21:57 - 2017-01-05 21:57 - 00001165 _____ C:\Users\Denise\Desktop\Administrative Tools - Shortcut.lnk
2017-01-05 21:43 - 2017-01-06 11:57 - 00000000 ____D C:\Users\Denise\Documents\Administrative Tools
2017-01-05 19:50 - 2017-01-05 19:50 - 00003302 _____ C:\WINDOWS\System32\Tasks\{C0EDF6E1-4A2D-4AA4-8C9F-C7027E96E9C7}
2017-01-05 01:24 - 2017-01-06 22:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-05 01:24 - 2017-01-06 21:59 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-05 01:24 - 2017-01-06 00:03 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-05 00:27 - 2017-01-05 00:27 - 00000000 ____D C:\Users\Denise\AppData\Local\DIAL
2017-01-05 00:27 - 2017-01-05 00:27 - 00000000 ____D C:\Users\Denise\AppData\Local\__SHARED
2017-01-05 00:22 - 2017-01-05 22:51 - 00001426 _____ C:\WINDOWS\system32\.crusader
2017-01-05 00:08 - 2017-01-06 21:45 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-05 00:08 - 2017-01-05 09:36 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-04 22:38 - 2017-01-04 22:38 - 00000046 _____ C:\WINDOWS\wininit.ini
2017-01-04 21:22 - 2017-01-04 21:22 - 00000000 ____D C:\Users\Denise\AppData\Local\ElevatedDiagnostics
2017-01-04 21:21 - 2017-01-04 21:23 - 00000000 ____D C:\ProgramData\COMODO
2017-01-04 21:20 - 2017-01-04 22:21 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-04 21:18 - 2017-01-05 19:24 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-01-04 21:18 - 2017-01-04 21:18 - 00003234 _____ C:\WINDOWS\System32\Tasks\{5D10060C-CE9A-4E45-8AD5-FA806AFF8B13}
2017-01-04 21:09 - 2017-01-05 09:33 - 00000000 ____D C:\Program Files (x86)\domes
2017-01-04 21:09 - 2017-01-04 23:50 - 00000000 ___HD C:\Program Files (x86)\Skybox
2017-01-04 21:09 - 2017-01-04 21:10 - 00003706 _____ C:\WINDOWS\System32\Tasks\tsk74940622k74940622
2017-01-04 21:08 - 2017-01-04 21:08 - 00003382 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
lennonforever is offline  
Old 01-11-2017, 07:44 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, lennonforever. I've attached the fixlist.txt file to this post.

Please download it to the same folder FRST64.exe is in.

Then run FRST64.exe but choose 'Fix' instead of 'Scan'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-11-2017, 08:00 PM   #17
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



Chemist - I do not know how to add the attachment to the same folder?

I am confused. Please guide me on how to do it, please
lennonforever is offline  
Old 01-13-2017, 07:38 PM   #18
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



Fix result of Farbar Recovery Scan Tool (x64) Version: 12-01-2017
Ran by Denise (13-01-2017 22:08:48) Run:2
Running from C:\Users\Denise\Downloads
Loaded Profiles: Denise (Available Profiles: Denise & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {407C3718-12AE-45ED-B3E6-F6C4BF16B802} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {446D65CC-9831-44F1-AEC1-A61D24043E6B} - System32\Tasks\{5D10060C-CE9A-4E45-8AD5-FA806AFF8B13} => pcalua.exe -a C:\Users\Denise\AppData\Local\uninstallro.exe
Task: {524CFD8F-09FD-4574-A1E1-A8ECDC38737E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {70917B54-3B3F-4A5C-8DAE-BD785325423A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {71ABF785-13DD-4EDF-862E-3056683214EB} - \WPD\SqmUpload_S-1-5-21-113211752-4274891595-2432965205-1002 -> No File <==== ATTENTION
Task: {845F7A00-839C-475B-9A44-364A6122295F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {8FDF0F84-0EF5-4FE7-9BD9-223773B7C2C1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {AE27EDFE-D87F-4CE3-8FC6-F5B43D0651E3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C9ADD37E-7E17-4E89-9645-F7CC5FAD2DC4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D8880ABC-548A-4455-9070-57B158C615EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E4B23392-9FBE-46A7-96C2-6011BD647FB5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E75E840E-05FF-4B2A-BEDB-E9706B9689D7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E78214AD-8600-4E09-A603-B69F8FD53D24} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F9055B45-BA20-4DBD-8D87-EA672F78231B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Shortcut: C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Denise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
AlternateDataStreams: C:\Windows:nlsPreferences [386]
SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-113211752-4274891595-2432965205-1002 -> {826A57B5-5741-4B8B-881C-B76427A64A1B} URL =
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.5\npGoogleUpdate3.dll [No File]
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{407C3718-12AE-45ED-B3E6-F6C4BF16B802} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{446D65CC-9831-44F1-AEC1-A61D24043E6B} => key not found.
C:\WINDOWS\System32\Tasks\{5D10060C-CE9A-4E45-8AD5-FA806AFF8B13} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5D10060C-CE9A-4E45-8AD5-FA806AFF8B13} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{524CFD8F-09FD-4574-A1E1-A8ECDC38737E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70917B54-3B3F-4A5C-8DAE-BD785325423A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71ABF785-13DD-4EDF-862E-3056683214EB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-113211752-4274891595-2432965205-1002 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{845F7A00-839C-475B-9A44-364A6122295F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FDF0F84-0EF5-4FE7-9BD9-223773B7C2C1} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE27EDFE-D87F-4CE3-8FC6-F5B43D0651E3} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9ADD37E-7E17-4E89-9645-F7CC5FAD2DC4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8880ABC-548A-4455-9070-57B158C615EC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4B23392-9FBE-46A7-96C2-6011BD647FB5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E75E840E-05FF-4B2A-BEDB-E9706B9689D7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E78214AD-8600-4E09-A603-B69F8FD53D24} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9055B45-BA20-4DBD-8D87-EA672F78231B} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found.
C:\Users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk => not found.
C:\Users\Denise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk => not found.
C:\Users\Public\Desktop\Моzillа Firеfох.lnk => not found.
"C:\Windows" => ":nlsPreferences" ADS not found.
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-113211752-4274891595-2432965205-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{826A57B5-5741-4B8B-881C-B76427A64A1B} => key not found.
HKCR\CLSID\{826A57B5-5741-4B8B-881C-B76427A64A1B} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18476696 B
Java, Flash, Steam htmlcache => 818 B
Windows/system/drivers => 42516 B
Edge => 0 B
Chrome => 0 B
Firefox => 117816669 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Denise => 423585 B
Administrator => 0 B

RecycleBin => 0 B
EmptyTemp: => 130.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:10:40 ====
lennonforever is offline  
Old 01-14-2017, 06:56 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, lennonforever. You must have run the fix twice.

How is the machine behaving?

------------------------------------------------------

I see you have P2P software ( uTorrent and BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall them. You can do so via Programs and Features(right-click the Windows "logo" button > Programs and Features).

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-15-2017, 01:05 PM   #20
Registered Member
 
lennonforever's Avatar
 
Join Date: May 2008
Location: Purgatory
Posts: 324
OS: Win 10



I've been trying and trying to delete these as I do not want them anymore. But the computer keeps saying I need admin priv!! I did check and try to give myself these but it still doesn't seem to work. I will do the things you say.

My machine is running pretty good now, no sounds in the background, not too much lagging, thanks to your guidance.
lennonforever is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
After 2 minute use suddenly no sound - laptop Medion Akoya
Hi everyone, I have very strange problem with sound on my Medion Akoya laptop. It started maybe 3 weeks ago when after approx. 2 minutes of use soud suddenly stops. What is weird is that the sound can be restored if I do following: - plug/unplug the headphones - simply by clicking on another...
bembs Sound Cards 4 08-19-2014 02:04 AM
I need help with my sound!!
So since forever I've had this problem and I'm not sure why. If i plug in my headset and my speakers into my computer, neither work. If I plug them individually they work. I want them both to work at the same time or atleast so I am able to click one on and one off without having to plug and unplug...
Greenybwa Sound Cards 8 01-19-2014 03:31 AM
Computer playing random sound and system acting crazy
Hello TSF Looks like I really need your help since some unfortunate download (or visit I am not even sure). Basically four days ago my computer started playing random music, tv adds and all sort of sounds with all applications closed. On top of it plenty of other smaller things started to happen...
toastoj2011 Resolved HJT Threads 2 01-13-2012 07:36 AM
A few Questions
Hey guys I have a few more questions, I have been slowly working on my site and looking for stuff to do it like the software to set up a social site kinda like fb or myspace. well any ways I also wanted to set up a message board for the site for people to get help or talk about stuff, for now it...
Dblanchard1278 Web Design & Development 27 07-25-2011 01:47 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:43 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts