Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Possible infection...

This is a discussion on Possible infection... within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hi all, my computer is possibly infected and was just hoping to receive some help. What happened was, i had


 
 
Thread Tools Search this Thread
Old 09-19-2016, 11:32 AM   #1
Registered Member
 
Join Date: Jul 2010
Posts: 184
OS: Windows 7



Hi all, my computer is possibly infected and was just hoping to receive some help.

What happened was, i had my firefox browser open and then Microsoft Essentials popped up with a message in the bottom right hand corner claiming something, i can't remember what the message was exactly but i think it was something along the lines of 'infection cleaned' or infection blocked. There was a green tick as opposed to the red cross.

When checking MSE's quarantine, nothing i there, but when checking the 'all detected items' section it says it detected Rogue:JS/TechBrolo.A. It also states the action taken was to quarantine it but as i stated above, nothing is in the quarantine. In the details below it says 'Error Code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.'

I have run full scans of both MSE and MalwareBytes, both have found nothing. I have also run scans of Adwcleaner and Eset online, and again both have found nothing.

Am i clean? Did MSE possibly block the infection? All help would be much appreciated. Please find scan results below:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18450 BrowserJavaVersion: 11.101.2
Run by Steve at 19:14:51 on 2016-09-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8174.5378 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Recovery Backup Wizard] C:\Program Files (x86)\TTG\Reminder\Reminder.exe
mRun: [LedIndicatorKeyboardDriver] "C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe" showhide
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{04B4B090-9975-4758-BF22-6D97A4372D34} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - prefs.js: keyword.URL - true
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2015-8-4 246784]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-8-5 83768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2015-3-18 822496]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-8-4 1514464]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-8-4 1136608]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2014-10-8 534184]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-31 2656536]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2016-6-30 114424]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2016-3-1 104976]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-8-31 169584]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2016-8-4 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2016-8-4 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2016-8-4 64896]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-11-13 133816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2014-10-8 766632]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2014-10-8 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2014-10-8 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2014-10-8 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2014-10-8 211104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-5 125112]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-9-14 114688]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2016-8-20 38536]
S3 semav6msr64;semav6msr64;C:\Windows\System32\drivers\semav6msr64.sys [2016-8-4 21984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-11-5 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2016-8-4 1255736]
.
=============== Created Last 30 ================
.
2016-09-19 17:36:08 -------- d-----w- C:\AdwCleaner
2016-09-19 16:03:11 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BAE53C0F-5A77-4167-8ABB-B2085A8206BD}\offreg.932.dll
2016-09-19 15:59:46 11847048 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BAE53C0F-5A77-4167-8ABB-B2085A8206BD}\mpengine.dll
2016-09-19 12:27:21 11847048 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-09-18 00:07:12 -------- d-----w- C:\Program Files\iTunes
2016-09-18 00:07:12 -------- d-----w- C:\Program Files\iPod
2016-09-16 13:13:31 -------- d-----w- C:\Users\Steve\AppData\Local\Microsoft Games
2016-09-14 16:25:59 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-09-14 16:22:50 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2016-09-14 16:22:50 377576 ----a-w- C:\Windows\System32\drivers\netio.sys
2016-09-14 16:22:50 1896168 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2016-09-14 16:22:49 84480 ----a-w- C:\Windows\SysWow64\INETRES.dll
2016-09-14 16:22:49 84480 ----a-w- C:\Windows\System32\INETRES.dll
2016-09-14 16:22:49 741888 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2016-09-14 16:22:49 46080 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2016-09-14 16:22:49 287976 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2016-09-14 16:22:45 877056 ----a-w- C:\Windows\System32\oleaut32.dll
2016-09-14 16:22:45 581632 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2016-09-14 09:05:49 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{76CD7CBD-FF52-445B-9060-11ABCE92442F}\gapaengine.dll
2016-09-04 10:34:07 -------- d-----w- C:\Users\Steve\AppData\Local\Apple Computer
2016-09-04 10:32:08 -------- d-----w- C:\Users\Steve\AppData\Local\Apple
2016-09-04 10:31:49 -------- d-----w- C:\Program Files\Bonjour
2016-09-04 10:31:49 -------- d-----w- C:\Program Files (x86)\Bonjour
2016-08-28 12:22:27 -------- d-----w- C:\Users\Steve\AppData\Local\ESET
2016-08-25 13:58:37 -------- d-----w- C:\ProgramData\Virtualized Applications
2016-08-23 09:20:45 -------- d-----w- C:\FRST
2016-08-22 16:52:49 -------- d-----w- C:\Users\Steve\AppData\Roaming\MediaInfo
2016-08-22 16:52:28 -------- d-----w- C:\Program Files\MediaInfo
2016-08-20 22:46:54 -------- d-----w- C:\Users\Steve\AppData\Local\CEF
.
==================== Find3M ====================
.
2016-09-19 16:42:21 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-09-02 15:40:18 631176 ----a-w- C:\Windows\System32\winresume.efi
2016-09-02 15:35:48 706280 ----a-w- C:\Windows\System32\winload.efi
2016-09-02 15:35:47 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-09-02 15:35:47 5548264 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-09-02 15:35:47 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-09-02 15:34:22 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2016-09-02 15:31:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-09-02 15:31:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-09-02 15:31:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-09-02 15:31:02 215552 ----a-w- C:\Windows\System32\winsrv.dll
2016-09-02 15:31:02 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-09-02 15:31:01 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-09-02 15:31:00 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-09-02 15:31:00 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-09-02 15:31:00 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-09-02 15:31:00 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-09-02 15:21:25 4000488 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-09-02 15:21:25 3944680 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-09-02 15:18:23 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2016-09-02 15:02:33 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2016-09-02 15:02:29 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-09-02 15:02:29 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2016-09-02 15:01:47 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-09-02 14:58:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-09-02 14:57:53 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-09-02 14:55:12 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-09-02 14:54:40 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-09-02 14:54:38 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-09-02 14:53:56 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-09-02 14:53:52 112640 ----a-w- C:\Windows\System32\smss.exe
2016-09-02 14:53:18 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-09-02 14:49:51 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-09-02 14:49:49 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-09-02 14:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-09-02 14:49:49 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-09-02 14:49:04 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-09-02 14:48:57 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-09-02 14:48:57 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-02 14:48:57 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-02 14:48:57 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-09-01 03:18:32 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-09-01 02:48:10 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-09-01 02:46:36 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-09-01 02:46:11 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-09-01 02:46:04 498688 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-09-01 02:44:20 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-09-01 02:24:16 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-09-01 02:23:43 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-09-01 01:59:47 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-09-01 01:29:35 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-09-01 01:29:30 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-09-01 01:24:36 4607488 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-09-01 00:43:05 2445824 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-09-01 00:40:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-09-01 00:40:38 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-09-01 00:25:20 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-09-01 00:24:36 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-09-01 00:24:29 417792 ----a-w- C:\Windows\System32\html.iec
2016-09-01 00:24:09 576000 ----a-w- C:\Windows\System32\vbscript.dll
2016-09-01 00:24:02 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-09-01 00:11:19 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-09-01 00:11:18 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-09-01 00:10:55 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-09-01 0008 6047232 ----a-w- C:\Windows\System32\jscript9.dll
2016-09-01 00:03:41 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-08-31 23:27:32 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-08-31 23:26:53 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-08-31 23:10:42 2921472 ----a-w- C:\Windows\System32\wininet.dll
2016-08-19 23:38:04 38536 ----a-w- C:\Windows\System32\drivers\pmxdrv.sys
2016-08-16 17:36:50 1009152 ----a-w- C:\Windows\System32\user32.dll
2016-08-16 02:48:15 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-08-16 02:35:57 3218432 ----a-w- C:\Windows\System32\win32k.sys
2016-08-12 16:26:18 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-08-12 16:26:12 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-08-12 16:26:05 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-08-04 18:07:45 97856 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-08-03 19:15:55 68608 ----a-w- C:\Windows\System32\taskhost.exe
2016-08-03 19:13:26 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2016-08-03 19:13:26 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2016-07-27 22:03:56 462296 ----a-w- C:\Windows\System32\drivers\vsdatant.sys
2016-07-27 19:25:34 504488 ------w- C:\Windows\System32\MpSigStub.exe
2016-07-08 15:32:47 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-07-08 15:16:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-06-26 00:35:09 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-06-26 00:27:39 756736 ----a-w- C:\Windows\System32\win32spl.dll
2016-06-26 00:27:32 344576 ----a-w- C:\Windows\System32\ntprint.dll
2016-06-26 00:27:26 970240 ----a-w- C:\Windows\System32\localspl.dll
2016-06-26 00:27:25 22528 ----a-w- C:\Windows\System32\inetppui.dll
2016-06-26 00:27:25 166400 ----a-w- C:\Windows\System32\inetpp.dll
2016-06-26 00:27:07 1208320 ----a-w- C:\Windows\System32\aeinv.dll
2016-06-25 19:54:03 497152 ----a-w- C:\Windows\SysWow64\win32spl.dll
2016-06-25 19:53:56 297472 ----a-w- C:\Windows\SysWow64\ntprint.dll
2016-06-25 19:53:05 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2016-06-25 19:53:04 61952 ----a-w- C:\Windows\System32\ntprint.exe
2016-06-25 19:41:53 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2016-06-22 1329 268800 ----a-w- C:\Windows\System32\centel.dll
.
============= FINISH: 19:15:23.77 ===============
Attached Files
File Type: txt attach.txt (12.7 KB, 31 views)
jamestt is offline  
Sponsored Links
Advertisement
 
Old 09-19-2016, 12:16 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Why do you have only 1 system restore point?

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-19-2016, 01:06 PM   #3
Registered Member
 
Join Date: Jul 2010
Posts: 184
OS: Windows 7



Hi Chemist, thank you for the reply.

I'm not exactly sure why there is only 1 restore point, there are normally two or three. I had a few issues with windows update the a few days ago which i eventually resolved, but in the process of trying to resolve the issue i did try and restore the computer to a number of points, a few did not work but the last point worked. Perhaps because of that? Not sure.

I've run adwcleaner, no infections detected. Please find farbar scans attached.

Thank you again for the reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2016
Ran by Steve (administrator) on STEVE-PC (19-09-2016 20:43:41)
Running from C:\Users\Steve\Downloads
Loaded Profiles: Steve (Available Profiles: Steve)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
() C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [LedIndicatorKeyboardDriver] => C:\Program Files (x86)\Led Indicator Keyboard Driver\KeyboardIndicator.exe [3284480 2011-09-05] ()
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-07-28] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3300330202-2625169188-2110648829-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3300330202-2625169188-2110648829-1000\...\Run: [Recovery Backup Wizard] => C:\Program Files (x86)\TTG\Reminder\Reminder.exe [1638496 2010-11-25] (DSG Retail Ltd)
HKU\S-1-5-21-3300330202-2625169188-2110648829-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{04B4B090-9975-4758-BF22-6D97A4372D34}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-04] (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-04] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3300330202-2625169188-2110648829-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-04] (Google Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default
FF NewTab: about:newtab
FF Homepage: hxxps://www.google.co.uk/
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\extensions\[email protected] [2016-07-10]
FF Extension: (WOT) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-09-16]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\Extensions\[email protected] [2016-08-04]
FF Extension: (Firefox Hotfix) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\Extensions\[email protected] [2016-09-08]
FF Extension: (Ghostery) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\Extensions\[email protected] [2016-09-16]
FF Extension: (Self-Destructing Cookies) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\Extensions\[email protected] [2016-08-10]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\Extensions\[email protected] [2016-09-16]
FF Extension: (RequestPolicy) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\Extensions\[email protected] [2016-05-16]
FF Extension: (New Tab Homepage) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-02-07]
FF Extension: (Video DownloadHelper) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-17]
FF Extension: (Adblock Plus) - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\2tsg8dj4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-16]

Chrome:
=======
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2016-09-18]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-08]
CHR Extension: (Adblock Plus) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-10]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-03]
CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-07-28] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-06-30] (Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2016-08-20] ()
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [462296 2016-07-27] (Check Point Software Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-19 20:43 - 2016-09-19 20:44 - 00013351 _____ C:\Users\Steve\Downloads\FRST.txt
2016-09-19 20:42 - 2016-09-19 20:42 - 03861056 _____ C:\Users\Steve\Downloads\AdwCleaner(1).exe
2016-09-19 20:41 - 2016-09-19 20:41 - 02400256 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2016-09-19 19:47 - 2016-09-19 20:25 - 00622990 _____ C:\Windows\ntbtlog.txt
2016-09-19 19:15 - 2016-09-19 19:15 - 00019318 _____ C:\Users\Steve\Desktop\dds.txt
2016-09-19 19:15 - 2016-09-19 19:15 - 00013022 _____ C:\Users\Steve\Desktop\attach.txt
2016-09-19 19:04 - 2016-09-19 19:05 - 00688992 ____R (Swearware) C:\Users\Steve\Desktop\dds.scr
2016-09-19 18:37 - 2016-09-19 18:37 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Steve\Downloads\esetonlinescanner_enu.exe
2016-09-19 18:36 - 2016-09-19 18:36 - 00000000 ____D C:\AdwCleaner
2016-09-19 18:35 - 2016-09-19 18:35 - 03861056 _____ C:\Users\Steve\Downloads\AdwCleaner.exe
2016-09-18 01:07 - 2016-09-18 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-18 01:07 - 2016-09-18 01:07 - 00000000 ____D C:\Program Files\iTunes
2016-09-18 01:07 - 2016-09-18 01:07 - 00000000 ____D C:\Program Files\iPod
2016-09-16 14:13 - 2016-09-16 14:13 - 00000000 ____D C:\Users\Steve\AppData\Local\Microsoft Games
2016-09-14 17:26 - 2016-09-01 03:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-14 17:26 - 2016-09-01 03:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-14 17:26 - 2016-09-01 02:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-14 17:26 - 2016-09-01 02:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-14 17:26 - 2016-09-01 02:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-14 17:26 - 2016-09-01 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-14 17:26 - 2016-09-01 01:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-14 17:26 - 2016-09-01 01:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-14 17:26 - 2016-09-01 01:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-14 17:26 - 2016-09-01 00:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-14 17:25 - 2016-09-02 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 17:25 - 2016-09-02 16:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 17:25 - 2016-09-02 16:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 17:25 - 2016-09-02 16:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 17:25 - 2016-09-02 16:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 17:25 - 2016-09-02 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 17:25 - 2016-09-02 16:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 17:25 - 2016-09-02 16:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 17:25 - 2016-09-02 16:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 16:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 17:25 - 2016-09-02 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 17:25 - 2016-09-02 16:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 17:25 - 2016-09-02 16:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 17:25 - 2016-09-02 15:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-14 17:25 - 2016-09-02 15:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 17:25 - 2016-09-02 15:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 17:25 - 2016-09-02 15:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 17:25 - 2016-09-02 15:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 17:25 - 2016-09-02 15:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 17:25 - 2016-09-02 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-14 17:25 - 2016-09-02 15:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 17:25 - 2016-09-02 15:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 17:25 - 2016-09-02 15:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-14 17:25 - 2016-09-02 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 17:25 - 2016-09-02 15:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-14 17:25 - 2016-09-02 15:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-14 17:25 - 2016-09-02 15:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 15:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 17:25 - 2016-09-02 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 17:25 - 2016-09-01 20:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-14 17:25 - 2016-09-01 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-14 17:25 - 2016-09-01 04:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-14 17:25 - 2016-09-01 04:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 17:25 - 2016-09-01 03:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-14 17:25 - 2016-09-01 03:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 17:25 - 2016-09-01 03:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-14 17:25 - 2016-09-01 03:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-14 17:25 - 2016-09-01 03:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 17:25 - 2016-09-01 03:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-14 17:25 - 2016-09-01 03:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-14 17:25 - 2016-09-01 03:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 17:25 - 2016-09-01 03:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-14 17:25 - 2016-09-01 03:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-14 17:25 - 2016-09-01 03:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-14 17:25 - 2016-09-01 02:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-14 17:25 - 2016-09-01 02:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-14 17:25 - 2016-09-01 02:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-14 17:25 - 2016-09-01 02:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-14 17:25 - 2016-09-01 02:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 17:25 - 2016-09-01 02:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-14 17:25 - 2016-09-01 02:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-14 17:25 - 2016-09-01 02:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 17:25 - 2016-09-01 02:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 17:25 - 2016-09-01 01:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 17:25 - 2016-09-01 01:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 17:25 - 2016-09-01 01:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 17:25 - 2016-09-01 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-14 17:25 - 2016-09-01 01:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 17:25 - 2016-09-01 01:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-14 17:25 - 2016-09-01 01:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 17:25 - 2016-09-01 01:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 17:25 - 2016-09-01 01:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-14 17:25 - 2016-09-01 01:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-14 17:25 - 2016-09-01 01:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-14 17:25 - 2016-09-01 01:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-14 17:25 - 2016-09-01 01:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-14 17:25 - 2016-09-01 01:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 17:25 - 2016-09-01 01:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-14 17:25 - 2016-09-01 01:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 17:25 - 2016-09-01 01:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-14 17:25 - 2016-09-01 00:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-14 17:25 - 2016-09-01 00:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-14 17:25 - 2016-09-01 00:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-14 17:25 - 2016-09-01 00:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-14 17:25 - 2016-09-01 00:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-14 17:25 - 2016-09-01 00:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-14 17:25 - 2016-09-01 00:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-14 17:25 - 2016-09-01 00:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-14 17:25 - 2016-09-01 00:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 17:25 - 2016-09-01 00:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-14 17:25 - 2016-09-01 00:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-14 17:25 - 2016-09-01 00:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 17:25 - 2016-09-01 00:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 17:25 - 2016-08-31 23:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 17:25 - 2016-08-31 23:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 17:25 - 2016-08-16 18:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 17:25 - 2016-08-16 03:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 17:25 - 2016-08-16 03:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 17:25 - 2016-08-12 17:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 17:25 - 2016-08-12 17:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 17:25 - 2016-08-12 17:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 17:22 - 2016-08-06 16:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 17:22 - 2016-08-06 16:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 17:22 - 2016-07-07 16:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-14 17:22 - 2016-07-07 16:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-14 17:22 - 2016-07-07 16:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-14 17:22 - 2016-07-07 16:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-14 17:22 - 2016-07-01 16:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 17:22 - 2016-07-01 16:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-14 17:22 - 2016-07-01 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-14 17:22 - 2016-07-01 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-14 17:01 - 2016-06-06 17:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-14 17:01 - 2016-06-06 17:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-14 17:01 - 2016-06-06 17:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-14 17:01 - 2016-06-06 17:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-14 17:01 - 2016-06-06 16:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-14 17:01 - 2016-06-06 16:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-14 17:01 - 2016-06-06 16:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-14 17:01 - 2016-06-06 16:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-14 17:01 - 2016-05-13 23:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-14 17:01 - 2016-05-13 23:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-14 17:01 - 2016-05-13 23:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-14 17:01 - 2016-05-13 23:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-14 17:01 - 2016-05-13 22:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-14 17:01 - 2016-05-13 22:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-14 17:01 - 2016-05-13 22:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-14 17:01 - 2016-05-13 22:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-14 17:01 - 2016-05-13 22:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-14 17:01 - 2016-05-13 22:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-14 17:01 - 2016-05-13 22:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-14 17:01 - 2016-05-13 22:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-14 17:01 - 2016-05-13 22:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-14 17:01 - 2016-05-13 22:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-14 17:01 - 2016-05-13 22:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-14 17:01 - 2016-05-13 22:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-14 17:01 - 2016-05-12 18:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-14 17:01 - 2016-05-12 16:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-14 17:01 - 2016-05-12 16:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-14 17:01 - 2016-05-04 18:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-14 17:01 - 2016-05-04 18:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-14 17:01 - 2016-05-04 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-14 17:01 - 2016-05-04 18:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-14 17:01 - 2016-05-04 18:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-14 17:01 - 2016-05-04 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-14 17:01 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-14 17:01 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-14 17:01 - 2016-05-04 18:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-14 17:01 - 2016-05-04 18:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-14 17:01 - 2016-05-04 16:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-14 17:01 - 2016-05-04 15:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-11 16:58 - 2016-09-11 16:58 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-09-11 16:58 - 2016-09-11 16:58 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-09-11 16:58 - 2016-09-11 16:58 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-09-10 01:16 - 2016-09-19 18:10 - 00000000 ____D C:\Users\Steve\Documents\New folder
2016-09-04 11:34 - 2016-09-04 11:34 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Apple Computer
2016-09-04 11:34 - 2016-09-04 11:34 - 00000000 ____D C:\Users\Steve\AppData\Local\Apple Computer
2016-09-04 11:32 - 2016-09-04 11:32 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-04 11:32 - 2016-09-04 11:32 - 00000000 ____D C:\Users\Steve\AppData\Local\Apple
2016-09-04 11:32 - 2016-09-04 11:32 - 00000000 ____D C:\ProgramData\Apple Computer
2016-09-04 11:32 - 2016-09-04 11:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-09-04 11:31 - 2016-09-18 01:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-09-04 11:31 - 2016-09-04 11:32 - 00000000 ____D C:\ProgramData\Apple
2016-09-04 11:31 - 2016-09-04 11:31 - 00000000 ____D C:\Program Files\Bonjour
2016-09-04 11:31 - 2016-09-04 11:31 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-08-28 13:22 - 2016-09-19 19:37 - 00000000 ____D C:\Users\Steve\AppData\Local\ESET
2016-08-25 15:02 - 2016-08-25 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2016-08-25 14:58 - 2016-08-25 15:04 - 00000000 ____D C:\ProgramData\Virtualized Applications
2016-08-25 13:26 - 2016-08-25 13:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 10:20 - 2016-09-19 20:43 - 00000000 ____D C:\FRST
2016-08-22 17:52 - 2016-08-22 17:52 - 04999664 _____ (MediaArea.net) C:\Users\Steve\Downloads\MediaInfo_GUI_0.7.87_Windows.exe
2016-08-22 17:52 - 2016-08-22 17:52 - 00000913 _____ C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2016-08-22 17:52 - 2016-08-22 17:52 - 00000000 ____D C:\Users\Steve\AppData\Roaming\MediaInfo
2016-08-22 17:52 - 2016-08-22 17:52 - 00000000 ____D C:\Program Files\MediaInfo
2016-08-20 23:46 - 2016-08-20 23:46 - 00000000 ____D C:\Users\Steve\AppData\LocalLow\Adobe
2016-08-20 23:46 - 2016-08-20 23:46 - 00000000 ____D C:\Users\Steve\AppData\Local\CEF
2016-08-20 00:20 - 2016-08-20 00:38 - 00038536 _____ C:\Windows\system32\Drivers\pmxdrv.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-19 20:43 - 2016-08-04 13:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-19 20:39 - 2011-08-31 15:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-19 20:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-19 19:46 - 2009-07-14 05:45 - 00027744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-19 19:46 - 2009-07-14 05:45 - 00027744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-19 19:39 - 2016-08-04 13:57 - 00000000 ____D C:\Users\Steve\AppData\Roaming\vlc
2016-09-19 19:24 - 2011-08-31 15:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-19 11:47 - 2016-08-04 13:03 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-19 11:47 - 2016-08-04 13:03 - 00000000 ____D C:\Users\Steve\AppData\Local\Adobe
2016-09-19 11:47 - 2011-08-31 15:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-16 12:44 - 2009-07-14 06:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-16 12:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-09-16 09:57 - 2016-08-14 17:07 - 00000000 ____D C:\Users\Steve\AppData\Local\CrashDumps
2016-09-15 20:22 - 2016-08-04 14:07 - 00000000 ____D C:\Users\Steve\AppData\Roaming\SoftGrid Client
2016-09-15 15:34 - 2011-08-31 15:31 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-15 14:58 - 2016-08-03 19:11 - 00000000 ____D C:\Users\Steve\AppData\Local\Google
2016-09-15 14:58 - 2011-08-31 15:31 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-15 11:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-09-15 00:32 - 2016-08-04 10:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-15 00:32 - 2016-08-04 10:14 - 00000000 ____D C:\Program Files\Intel
2016-09-14 17:34 - 2016-08-04 03:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-14 17:34 - 2016-08-04 03:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-14 17:34 - 2009-07-14 05:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-14 17:31 - 2016-08-04 03:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-14 17:30 - 2016-08-04 09:17 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 17:26 - 2016-08-04 09:17 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-14 14:34 - 2016-08-05 11:41 - 00000000 ____D C:\Users\Steve\AppData\Local\ElevatedDiagnostics
2016-09-14 10:06 - 2016-08-04 13:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-14 09:56 - 2016-08-03 16:21 - 00000000 ____D C:\Users\Steve
2016-09-14 09:54 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-14 09:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2016-09-14 09:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-09-14 09:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-09-14 09:41 - 2010-11-21 08:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-09-11 16:06 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-09-06 10:03 - 2009-07-14 06:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-03 14:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-31 22:20 - 2016-08-04 13:02 - 01211072 _____ (Adobe Systems Incorporated) C:\Users\Steve\Downloads\uninstall_flash_player.exe
2016-08-29 18:07 - 2016-08-04 14:06 - 00000000 ____D C:\Users\Steve\AppData\Roaming\TP
2016-08-27 19:59 - 2011-02-24 10:52 - 00000000 ____D C:\Program Files (x86)\TTG
2016-08-25 13:37 - 2011-02-24 10:58 - 00000000 ____D C:\ProgramData\TTG
2016-08-25 13:37 - 2011-02-24 10:48 - 00000000 ____D C:\Applications
2016-08-25 13:27 - 2016-08-04 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-24 13:30 - 2016-08-17 11:16 - 00000000 ____D C:\Users\Steve\AppData\LocalLow\Temp
2016-08-20 23:46 - 2016-08-03 19:58 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Adobe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-06 02:00

==================== End of FRST.txt ============================
Attached Files
File Type: txt FRST.txt (51.1 KB, 29 views)
File Type: txt Addition.txt (20.8 KB, 29 views)
jamestt is offline  
Sponsored Links
Advertisement
 
Old 09-19-2016, 07:23 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello jamestt. I'm not seeing anything suspicious. Any suspicious symptoms except the MSE behavior?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-20-2016, 03:59 AM   #5
Registered Member
 
Join Date: Jul 2010
Posts: 184
OS: Windows 7



Hi Chemist, i have just run both scans and both found no threats, malwarebytes scan results attached, there was no eset log.

I have not noticed any suspicious symptoms other than the whole business with MSE that i described in my original post. Why would MSE say the infection is quarantined when there is nothing in the quarantine?

Thanks again.
Attached Files
File Type: txt Scan.txt (1.0 KB, 27 views)
jamestt is offline  
Old 09-20-2016, 04:06 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, jamestt. You're very welcome. Not sure why that MSE problem would occur.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

https://windows.microsoft.com/en-US/w...up-and-restore

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-20-2016, 04:20 AM   #7
Registered Member
 
Join Date: Jul 2010
Posts: 184
OS: Windows 7



Hi Chemist, sorry one last thing, in the detected items section of MSE, should i select remove to remove the detection?
jamestt is offline  
Old 09-20-2016, 07:31 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



What is it detecting?
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-20-2016, 07:46 AM   #9
Registered Member
 
Join Date: Jul 2010
Posts: 184
OS: Windows 7



Quote:
Originally Posted by chemist View Post
What is it detecting?
It's not detecting anything new, it's just the original detection from yesterday that i mentioned in my first post where it states it's been quarantined with the error message.
jamestt is offline  
Old 09-20-2016, 10:28 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Probably something along these lines:

What is Error Code 0x80508023 and how do I fix it - Microsoft Community

Yes, you can remove it. Let me know.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 09-20-2016, 11:23 AM   #11
Registered Member
 
Join Date: Jul 2010
Posts: 184
OS: Windows 7



Quote:
Originally Posted by chemist View Post
Probably something along these lines:

What is Error Code 0x80508023 and how do I fix it - Microsoft Community

Yes, you can remove it. Let me know.
Removed and all seems good.

Ok, i guess you can mark the thread as resolved now. Thanks again for all your help Chemist, you've been great!

Kind regards,
James.
jamestt is offline  
Old 09-21-2016, 06:14 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, James! Glad to have helped.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows 7 malware infection rate soars in 2012
Windows 7's malware infection rate climbed by as much as 182% this year, Microsoft said today. But even with that dramatic increase, Windows 7 remained two to three times less likely to fall to hacker attack than the aged Windows XP. Data from Microsoft's newest twice-yearly security report...
Glaswegian Computer Security News 0 10-09-2012 01:16 PM
Unknown infection
TDSSkiller didn't find a thing and I was able to remove the Google redirect virus through the registry and it seems to be gone now. However, something new is happening. Every time I visit a website and click on really any link (making a topic on forums,looking on something on ebay,) it redirects...
Compfreak86 Inactive Malware Help Topics 0 12-16-2011 10:37 AM
Win7 infection rates rose during the second half of 2010
Win7 machines harder hit by infection as VXers change tactics ? The Register
reventon Computer Security News 0 05-15-2011 06:46 PM
Trojan Infection (pop-ups)
Hello all, since a couple of days I have had some problems with a trojan horse (I think). I keep getting pop-ups at my desktop, sometimes 10 in half an hour. My antivirus blocks the pop-ups but still it seriously bugs me. Normally I'm very carefull with my computer, it's the first serious...
TomWV Resolved HJT Threads 9 04-18-2011 02:52 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 01:22 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts